Ransomware crypto revenue declines as victims refuse to pay: Chainalysis

Crypto revenue extorted by ransomware attackers fell significantly in 2022, down 40.3% to $456.8 million from $765.6 million the previous year.

The trend in reduced ransomware payments was clear, as blockchain data platform Chainalysis highlighted in a new report. Still, the actual totals are likely higher as many cryptocurrency addresses controlled by attackers are yet to be identified on blockchain networks and incorporated into Chainalysis’ data.

Unfortunately, the decline in revenue did not correspond to fewer attempted attacks. Cybersecurity firm Fortinet reported more than 10,000 unique ransomware strains in the first half of 2022, almost doubling those of the prior six months. On-chain data also confirmed that the number of active types of ransomware has increased dramatically in recent years. Still, the average lifespan of each type dropped by more than half to 70 days in 2022 as attackers tried to obfuscate their activities by utilizing various strains.

While numerous strains remain active, Chainalysis said the number of individuals in the ransomware ecosystem is probably small. This is because affiliates carry out attacks over multiple strains, creating the illusion of many different attackers despite re-using the same wallet addresses.

Ultimately, Chainalysis said, evidence suggests the drop in payments may be attributed to more victims refusing to pay ransomware attackers.

Money laundering

On the money laundering front, Chainalysis said most ransomware attackers were increasingly sending victims’ funds to mainstream, centralized crypto exchanges. The share of ransomware funds going to such platforms increased to 48.3% in 2022 from 39.3% in 2021. Meanwhile, those sent to high-risk exchanges fell to 6.7% from 10.9%. Money laundering of ransomware funds through illicit services such as darknet markets also declined, while crypto mixers including Tornado Cash proved more popular, increasing to 15% from 11.6%.