• A Bowditch and M Bacina

Ransom-everywhere: Chainalysis Report Shows Ransomware as Fastest Growing Crypto-related Crime


Chainanalysis recently released a mid-year update on the still small, but growing threat of ransomware.


Ransomware continues to be a concerning cybersecurity issue. More than USD$210M has been taken from victims so far in 2021, which suggests full year numbers are likely to be at least the same as last year when payments to ransomware attackers rose 344% from 2019 to over USD$416M.


Despite the growth of ransomware attacks, many quite public, Chainanalysis data shows that in 2020, 82% of digital currency sent by identified ransomware addresses was delivered to just five digital currency services. That concentration is even more pronounced at the deposit address level. Just 199 deposit addresses received 80% of all funds sent by ransomware addresses in 2020, with an even smaller group of 25 addresses accounting for 46% of the total sums.


Chainalysis reports are fascinating in identifying other useful trends for transaction monitoring including that:

  1. The average ransomware payment in Q1 2021 was USD$54,000, up from USD$12,000 in Q4 2019.

  2. Larger ransoms are now being commanded from high-profile victims including Bombadier, Acer and Colonial Pipeline, to name a few.

  3. More ransomware attacks appear to be carried out by cybercriminals in Russia and other Commonwealth of Independent States countries.

  4. Ransomware payments can create sanctions risks for companies that help facilitate payments and this risk is up from 15% in 2020 to 32% in 2021.

Some have proposed mandatory ransomware notifications be required to help prevent ransomware, and it is clear that despite hackers seeking payment in digital currencies, the true danger or ransomware is the lack of security which permits a hacker to take control of computer systems to begin with. The evolution of government ransomware policies, updating and strengthening of cyber hygiene regulations and standards, improving information sharing and increasing investigative resources must be deployed together to help change the trajectory of ransomware trends in the future. We are sure that the publicly trackable nature of blockchain systems will be used to help identify those assisting in the payment of ransoms, and may lead to arrests in time.