Skip to main content

Ransomware is now a billion-dollar market

Representational image of a cybercriminal
(Image credit: Pixabay)

An analysis of several hundred cryptocurrency wallets used for ransomware-related payments has revealed transactions totaling over a whopping $5 billion.

A blockchain analysis by the US Treasury Department's Financial Crimes Enforcement Network (FinCEN) of transactions tied to the 177 convertible virtual currency (CVC) wallets, has identified roughly $5.2 billion in outgoing bitcoin (BTC) transactions potentially tied to ransomware payments. 

“Wallets associated with the 10 [ransomware] variants examined sent BTC valued at $5.2 billion to known entities, directly or indirectly, including 51% to exchanges, 43% to other CVC services, five percent to darknet marketplaces, and one percent to mixing services,” the FinCEN report reveals.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

To compile the report, FinCEN analyzed 2184 suspicious activity reports (SAR) filed between January 1, 2011, and June 30, 2021.

Growth of ransomware

FinCEN noticed that the number of ransomware-related SARs filed monthly between 1 January 2021 and 30 June 2021, has grown rapidly, with 635 SARs filed and 458 transactions reported during that time.

Interestingly, the number represents a growth of 30% from the total of 487 SARs filed in the entirety of 2020. As a direct consequence of the increase, the total value of the suspicious activity reported in the first six months of 2021 was $590 million, which far exceeds the total value reported for the 2020, which was $416 million. 

FinCEN’s crunching of the reported data revealed that the mean average total monthly amount of ransomware transactions was $66.4 million, while the median average was $45 million. 

In the report, FinCEN identified 68 ransomware variants with REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos emerging as the most commonly reported variants, while Bitcoin emerged as the favourite cryptocurrency for accepting payments. 

FinCEN also identified several money laundering typologies employed by the ransomware threat actors in 2021. These include requesting payments in Anonymity-enhanced Cryptocurrencies (AECs), avoiding reusing wallet addresses, “chain hopping” and cashing out at centralized exchanges, and using mixing services and decentralized exchanges to convert proceeds.

“FinCEN analysis of ransomware-related SARs filed during the first half of 2021 indicates that ransomware is an increasing threat to the US financial sector, businesses, and the public,” FinCEN opines.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.