Total ransomware payments increased 311% to reach cryptocurrencies valued at approximately $ 350 million by 2020, according to a ChannelIlysis Crime report. The report states that the growth of 2020 ransomware was driven by new strains that have taken huge sums of money from the victims, as well as the existing strains have increased their earnings.
Insights into the report state that a number of ransomware strains work on the RaaS model, where attackers, also known as collaborators, will hire a specific ransomware strain from its manufacturers to monetize each successful attack. Ransomware attackers have transferred most of their stolen funds to mainstream exchanges, high-risk exchanges and mixers. 15% of all ransomware payments made in 2020 carry the risk of violating the ban. According to the report, the overall increase in ransomware payments has led to an increase in the amount of ransomware payments in 2020, including the risk of sanctions.
Overall, more than 50 50 million worth of cryptocurrencies are at risk of sanctions in 2020. The four most active ransomware strains are Maze, Egregor, Suncrypt and Doppelimer, which attacked companies such as Burns & Noble, LG, Pemex and University Hospital New Jersey, among others. Ransomware strains used dual extortion techniques that not only intercepted victims’ data but also published parts of it online as an incentive to get paid.
According to the report, Ransomware Affiliate Maze sent funds through an intermediary wallet to an address labeled ‘Suspicious Sonscript Admin’ worth about 9.55 bitcoins worth $ 90,000. The Egregor ransomware strain wallet sent 78.9 bitcoins, valued at about $ 850,000, to the Doppelpaymer ransomware strain administrator wallet. A suspected laundering service ransomware strain has received cryptocurrencies worth about $ 2.9 million from DoppelPemer, WestDalker and NetWalker. It received cryptocurrencies worth about $ 650,000 from the Darknet market, such as Hydra and FESshop. 199 deposit addresses accounted for 80% of the remittances sent by ransomware addresses in 2020, whereas 25 addresses accounted for 46%.
Note that a nested service deposit address of an international cryptocurrency exchange received য়ে 63 billion worth of bitcoin between August 3, 2020 and the end of 2020. The report states that it received $ 1 million worth of bitcoin from ransomware addresses. And 2.4 million from multiple scams.
(Chainalysis Crypto Crime Report, with insights from 2021)