Ransomware activities have grown exponentially in 2021, with the average ransomware payment size in 2021 being five times the figure in 2019, finds a recent research report by Chainalysis, a blockchain data platform. The data shows that the average ransomware size grew from $25,000 in 2009 to $118,000 in 2021. The report mentions that ransomware activities through cryptos have been increasing since 2018.
With more investors getting involved in crypto, there has been an alarming rise in various cyber frauds on crypto platforms too. The most prominent of these are ransomware activities, finds the report. “Cryptocurrency being anonymous and hard to trace has ransomware attackers exclaiming ‘esto es perfecto’ (that’s perfect), serving as the ideal solution for their misconduct and exploitation of technology and illegal practices,” says Shibu Paul, vice-president, Array Network, an American networking company dealing with encryption tools.
Increasing Incidence But Smaller Ecosystem
While there has been remarkable growth in ransomware strains (activities) in 2021 along with an increasing ransomware payment size, the ransomware ecosystem has become smaller in 2021, finds the report. With 140 ransomware strains reported in 2021, there has been a rise of more than 75 per cent in the strains reported between 2019 and 2021, states the report.
“Large payments such as the record $40 million received by Phoenix Cryptolocker spurred this all-time high in average payment size. One reason for the increase in ransom sizes is ransomware attackers’ focus on carrying out highly-targeted attacks against large organizations,” states the report.
With a smaller ecosystem, the average lifespan of ransomware strains is also going down. While previously, in 2017, the average span of ransomware strains used to be more than 500 days, it plunged to 60 days in 2021.
The increasing incidence in a smaller ecosystem also shows that the activities are highly concentrated in a few pockets. The report says that 56 per cent of funds sent from ransomware addresses since 2020 have wound up at one of six cryptocurrency businesses which include three large international exchanges, one high-risk exchange based in Russia and two mixing services. Crypto mixing service mixes different streams of mainstream cryptocurrency to ensure the anonymity of transactions.
Why Are Ransomware Strains Growing?
As the report suggests, with the ease of technology and tools, it has become easier for cyber criminals to rebrand themselves and re-launch to carry ransomware activities. One of the reasons the life span and ecosystem are getting small is because of rebranding. “Cybersecurity researchers have noted instances of ransomware attackers publicly claiming to cease operations, only to relaunch later under a new name—the giveaway is usually similarities in the ransomware’s code, as well as intelligence gathered from cybercriminal forums and blockchain analysis,” states the report.
Moreover, experts believe that the lack of any concrete government regulations and the decentralised nature of the cryptos make it easy for criminals to carry out the activities.
“Hackers prefer ransomware payments over crypto because on many occasions it is difficult for law enforcing agencies to trace these transactions and identify the end beneficiary since cryptocurrencies are largely not linked yet with traditional currency ecosystem,” says Trishneet Arora, founder and CEO, TAC Security, an American cyber vulnerability management firm.
The report finds the ease of technology is another contributing factor. As much as 16 per cent of all funds sent by ransomware operators were spent on tools and services used to enable more effective attacks, compared to 6 per cent in 2020.