According to data provided to The Block, blockchain analytics firm Chainalysis has confirmed over $208 million in ransomware payouts thus far in 2021.
In 2020, the firm confirmed $416,432 in ransomware. While the total for 2021 (through July 13) would seem to be almost exactly half of that for 2020, Chainalysis' ability to confirm these payouts based on association with ransomware wallet addresses depends on the identification of those addresses, which grows retroactively.
Chainalysis' Madeleine Kennedy told The Block:
"As always, this is a lower bound estimate as these are only payments we have been able to confirm so far. So, our data lags a bit, suggesting 2021 will likely be bigger than 2020."
Among the identified ransomware payouts, the firm's information suggests that the bulk flowed through uncompliant global exchanges. A remarkably small range of deposit addresses are at the other end of these cashouts, suggesting a concentration of actors behind the most successful attacks. Then again, analytics firms like Chainalysis are better at identifying these sorts of transactions, which don't include more aggressive privatizing measures like the use of Monero.
Less technologically notable but no less relevant: Many firms paying ransomware attackers do so discretely, not wishing to attract public attention or, worse still, the ire of authorities. The Treasury's Office of Foreign Asset Control warned of potential enforcement actions against firms paying attacks as office suspected sanctioned entities of residing at the end of many ransomware schemes.
"The true cost of ransomware ransoms is likely significantly higher, as many organizations quietly pay ransoms," wrote Kennedy.
The issue of global ransomware attacks has grown in prominence over 2021, which has resulted in mass capital inflows to analytics and forensics firms like Chainalysis. Ransomware-as-a-service groups have facilitated attacks against increasingly visible targets and critical infrastructure. This trend has moved ransomware into the realm of national security.
Earlier this week, a congressional subcommittee held a hearing on the subject. Ransomware's role as an auxiliary of state actors, especially Russia and China, loomed large, in keeping with the Biden administration's recent emphasis on their respective cyber programs.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.