The 2021 Ransomware Payment Amount Is IDR 8.6 Trillion, But The Original Amount Is Much Larger

The number of ransomware payments is increasing every year. (photo: doc. unsplash)

JAKARTA - A new report estimates that ransomware payments in 2021 will reach a minimum of 602 million dollars (IDR 8.6 trillion). But according to analysis the actual total could be much higher.

Blockchain analytics firm Chainalysis released new data on February 10 on ransomware activity related to cryptocurrencies in 2021. However, it noted that the total value is likely to surpass the $692 million fetched in 2020.

"The facts, despite these numbers, anecdotal evidence, plus the fact that ransomware revenues in the first half of 2021 exceeded those of the first half of 2020, show us that 2021 will eventually unfold as an even bigger year for ransomware," said a source at Chainalysis, as quoted by Cointelegraph.

Chainalysis believes 2021 will end even bigger than 2020.

Average ransomware payout size hit a record high of USD 118.000 (IDR 1.6 billion) in 2021. This is a 26% increase from the average of USD  88.000 (IDR 1.2 billion) in 2020. Chainalysis linked payment size a larger average with a “big-hunt” strategy increasingly used by ransomware types where large organizations are targeted by ransomware.

Last year also had the highest number of active ransomware strains of any other year on record. At least 140 types accept crypto payments, which is 21 more than in 2020 and 61 more than in 2019.

Conti is the most active ransomware strain in 2021. It will fetch nearly 200 million US dollars via cryptocurrency by 2021. Conti, thought to be based in Russia, is a ransomware syndicate that sells its programs as a service to affiliates for a fee.

Darkside is second behind Conti, extracting nearly $100 million in crypto value. Darkside is the organization that took Colonial Pipeline hostage last year, and demanded a ransom be paid in Bitcoin (BTC).

Conti itself is the most active ransomware strain in 2021. Although the report states that most types of ransomware come and go in waves, it remains active for a short time before becoming dormant. Conti itself is active throughout 2021. More generally, the ransomware group will cease operations and then reopen under a new name.

This rebranding trend causes the average strain in 2021 to last only 60 days, which is 2.8 times lower than in 2020, which averaged only 168 days.

Chainalysis concludes that while most ransomware attacks have a financial motive, others appear to have geopolitical goals focused on “fraud, espionage, damage to reputation, and interference with adversary government operations.”

This suggests that while there are benefits to using cryptocurrencies to carry out ransomware attacks, the transparency of crypto transactions makes it easier for authorities to track the movement of funds. North Korea has repeatedly used crypto to evade economic sanctions over the years.