Cryptocurrency related Ransomware Attacks “Skyrocketed” Last Year but there May be “Fewer Culprits” than Expected: Report

Ransomware “skyrocketed” last year, however, there might be “fewer culprits” than we may think or expect, according to a report from blockchain analysis firm Chainalysis.

Chainalysis acknowledges that 2020 will “forever be known” as the year of COVID-19, but when it comes to cryptocurrency-related crime, it’s also the year that ransomware really began to take off.

Blockchain analysis reveals that the total amount paid by ransomware victims “increased by 311% this year to reach nearly $350 million worth of cryptocurrency,” Chainalysis confirmed in its report. Notably, there’s “no other category of cryptocurrency-based crime” that had a higher growth rate than this segment. Chainalysis also pointed out that this number is actually “a lower bound of the true total, as underreporting means we likely haven’t categorized every victim payment address in our datasets.”

2020’s ransomware increase was mainly “driven by a number of new strains taking in large sums from victims,” and other “pre-existing strains drastically increasing earnings.” Chainalysis’ report also clarified that ransomware strains “don’t operate consistently, even month-to-month.”

The report added that the number of ransomware strains active throughout 2020 may “give the impression that there are several distinct groups carrying out ransomware attacks, but this may not be the case.” As reported by Chainalysis, many of these ransomware strains function on a model that affiliates “rent” usage of a strain “from its creators or administrators, in exchange for a cut of the money from each successful attack.”

Many ransomware-as-a-service or RaaS affiliates tend to “migrate between strains,” indicating that the entire ransomware ecosystem is significantly smaller than one might expect or think “at first glance.” Cybersecurity researchers also “believe that some of the biggest strains may even have the same creators and administrators, who publicly shutter operations before simply releasing a different, very similar strain under a new name,” the Chainalysis report noted.

The report also mentioned that “with blockchain analysis, we can shed light on some…