Chainalysis finds 2021 ransomware payouts are outpacing 2020's bumper year

Quick Take

  • With the sudden shift to remote work, 2020 saw a surge in ransomware attacks that brought it to the fore of economic and national security concerns.
  • While 2020 was a record year for ransomware payouts, mid-year data indicates that 2021 is set to beat it. 

According to data provided to The Block, blockchain analytics firm Chainalysis has confirmed over $208 million in ransomware payouts thus far in 2021.

Source: Chainalysis

In 2020, the firm confirmed $416,432 in ransomware. While the total for 2021 (through July 13) would seem to be almost exactly half of that for 2020, Chainalysis' ability to confirm these payouts based on association with ransomware wallet addresses depends on the identification of those addresses, which grows retroactively. 

Chainalysis' Madeleine Kennedy told The Block:

"As always, this is a lower bound estimate as these are only payments we have been able to confirm so far. So, our data lags a bit, suggesting 2021 will likely be bigger than 2020."

Among the identified ransomware payouts, the firm's information suggests that the bulk flowed through uncompliant global exchanges. A remarkably small range of deposit addresses are at the other end of these cashouts, suggesting a concentration of actors behind the most successful attacks. Then again, analytics firms like Chainalysis are better at identifying these sorts of transactions, which don't include more aggressive privatizing measures like the use of Monero.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Less technologically notable but no less relevant: Many firms paying ransomware attackers do so discretely, not wishing to attract public attention or, worse still, the ire of authorities. The Treasury's Office of Foreign Asset Control warned of potential enforcement actions against firms paying attacks as office suspected sanctioned entities of residing at the end of many ransomware schemes.

"The true cost of ransomware ransoms is likely significantly higher, as many organizations quietly pay ransoms," wrote Kennedy.

The issue of global ransomware attacks has grown in prominence over 2021, which has resulted in mass capital inflows to analytics and forensics firms like Chainalysis. Ransomware-as-a-service groups have facilitated attacks against increasingly visible targets and critical infrastructure. This trend has moved ransomware into the realm of national security. 

Earlier this week, a congressional subcommittee held a hearing on the subject. Ransomware's role as an auxiliary of state actors, especially Russia and China, loomed large, in keeping with the Biden administration's recent emphasis on their respective cyber programs. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Kollen Post is a senior reporter at The Block, covering all things policy and geopolitics from Washington, DC. That includes legislation and regulation, securities law and money laundering, cyber warfare, corruption, CBDCs, and blockchain’s role in the developing world. He speaks Russian and Arabic. You can send him leads at [email protected].