According to a report, ransomware attacks earned hackers at least $350 million. Read on to learn more about it…
According to a report by Chainalysis, ransomware attacks earned hackers at least $350 million (almost R$1.9 billion, in direct conversion) in 2020, an increase of 311% in the total amount paid by victims compared to 2019. Chainalysis calculated the figure by tracking transactions made to blockchain addresses linked to such attacks.
In a ransomware attack, a hacker hijacks access to one or more of the victim’s files (usually through encryption) and demands payment of a ransom in cash. Most executors of this type of attack ask for bitcoins, which are difficult to track.
Observations
Chainalysis points out that, although its assessment tools are quite complete, these figures sit at the low end of the range. In other words, the real value can be much higher. This is because most victims do not admit to having been attacked by hackers and, consequently, do not acknowledge having made any payment after the breach.
Regardless, Chainalysis says there has been growth in attacks and reports a 7% increase in the volume of transactions made to addresses considered criminal. According to Chainalysis, this is because new types of attacks have reached a greater number of victims, while known attacks have increased their revenue by asking for larger ransoms.
The report was also able to name some of the hacker groups that obtained the most money. Among them are Ryuk, Maze, DoppelPaymer, Netwalker, Conti and REvil (formerly known as Sodinokibi). Of these, Maze disbanded and Netwalker was dismantled by authorities. In addition, other families such as Snatch, Defray777 (RansomExx), and Dharma made millions in profit.
There are fewer threat actors than initially thought, with many of these groups switching from one RaaS (ransomware-as-a-service) to another as they are lured by better deals.
Cashing In the Ransom
According to Chainalysis, the way the victims paid the ransoms and the way the attacks had sudden spikes and falls indicate that hacker groups operating in ransomware are far less numerous than previously believed. After all, it is common for criminals to switch methods of attack in search of larger ransoms.
The criminals laundered funds through Bitcoin mixing services and sent them to legitimate and high-risk cryptocurrency exchange portals to convert them into real-world currency. Some payments went to bulletproof hosting providers, exploit sellers, and penetration testing services (aka initial access brokers), as ransomware operations involve suppliers.
Money Distribution
Also according to Chainalysis, hackers usually use the “bitcoin mixing” method to make the funds obtained appear legitimate. In this strategy, cryptocurrency is divided between legitimate and high-risk businesses, which convert it into real-world money.
Part of the amount can then be reinvested in bitcoins to finance other cyber crimes. Among the options are primary access providers (hackers responsible for breaking the first layer of security in a system), hosting services in countries with flexible legislation and vendors of intrusion solutions.
Ransomware money laundering is concentrated at the deposit address level. Around 199 deposit addresses received 80% of all funds in 2020. An even smaller group of 25 addresses accounted for 46%. More importantly, several other cybercrime operations, besides ransomware, often reused the same intermediary money laundering services.
Conclusion
From recent trends, it is clear that RaaS has become a full-fledged cybercrime enterprise, earning millions of dollars. In addition, the report indicates that a very small group of deposit addresses has the ability to cash out ransomware proceeds.