An analysis of several hundred cryptocurrency wallets used for ransomware-related payments has revealed transactions totaling over a whopping $5 billion.
A blockchain analysis by the US Treasury Department's Financial Crimes Enforcement Network (FinCEN) of transactions tied to the 177 convertible virtual currency (CVC) wallets, has identified roughly $5.2 billion in outgoing bitcoin (BTC) transactions potentially tied to ransomware payments.
“Wallets associated with the 10 [ransomware] variants examined sent BTC valued at $5.2 billion to known entities, directly or indirectly, including 51% to exchanges, 43% to other CVC services, five percent to darknet marketplaces, and one percent to mixing services,” the FinCEN report reveals.
- These are the best ransomware protection tools
- Here's our choice of the best malware removal software on the market
- We’ve also compiled a list of the best backup software
To compile the report, FinCEN analyzed 2184 suspicious activity reports (SAR) filed between January 1, 2011, and June 30, 2021.
Growth of ransomware
FinCEN noticed that the number of ransomware-related SARs filed monthly between 1 January 2021 and 30 June 2021, has grown rapidly, with 635 SARs filed and 458 transactions reported during that time.
Interestingly, the number represents a growth of 30% from the total of 487 SARs filed in the entirety of 2020. As a direct consequence of the increase, the total value of the suspicious activity reported in the first six months of 2021 was $590 million, which far exceeds the total value reported for the 2020, which was $416 million.
FinCEN’s crunching of the reported data revealed that the mean average total monthly amount of ransomware transactions was $66.4 million, while the median average was $45 million.
Ransomware trends
In the report, FinCEN identified 68 ransomware variants with REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos emerging as the most commonly reported variants, while Bitcoin emerged as the favourite cryptocurrency for accepting payments.
FinCEN also identified several money laundering typologies employed by the ransomware threat actors in 2021. These include requesting payments in Anonymity-enhanced Cryptocurrencies (AECs), avoiding reusing wallet addresses, “chain hopping” and cashing out at centralized exchanges, and using mixing services and decentralized exchanges to convert proceeds.
“FinCEN analysis of ransomware-related SARs filed during the first half of 2021 indicates that ransomware is an increasing threat to the US financial sector, businesses, and the public,” FinCEN opines.
- Also check our list of the best cloud backup services
