Hackers nabbed $1.75 billion in ransom over 2 years: Report

The amount reflected a massive surge in cybercrime that has prompted a global effort to stop it.
NEW YORK (BLOOMBERG) - Criminals netted US$1.3 billion (S$1.75 billion) in ransom payments from hacking victims in the past two years, reflecting a massive surge in cybercrime that has prompted a global effort to stop it, according to a new report from Chainalysis.
The cryptocurrency-tracking firm said in an analysis published Thursday (Feb 10) it observed a huge increase in ransom payments: US$602 million in payments in 2021 and US$692 million in 2020.
The 2021 figure is expected to increase and surpass 2020 as additional information becomes available, according to the report.
By comparison, Chainalysis detected US$152 million in payments in 2019 and US$39 million in 2018.
Hacking victims often do not disclose that they have experienced a breach or that they have paid a ransom in cryptocurrency to unlock their systems. The secrecy is one reason, experts say, that criminal groups, often based in Russia and Eastern Europe, continue to target businesses in the United States.
The average payment totalled more than US$118,000 in 2021, an increase from US$88,000 in 2020 and US$25,000 in 2019, the report said.
The US, the United Kingdom and Australia issued a joint alert Wednesday warning of an increased global threat from ransomware. Hackers have adopted advanced techniques, such as professionalised business models and sharing data about potential victims, officials said.
The Biden administration has rolled out a series of initiatives to bolster cyber defences, both in government and in the private sector, after a series of devastating hacks last year, including ransomware attacks against the fuel transporter Colonial Pipeline and the IT services firm Kaseya.
In October, the White House hosted representatives from 30 countries in an attempt to find ways to slow the number of breaches. Law enforcement agencies, meanwhile, have sought to deter hackers by arresting alleged ransomware operators throughout Europe.
Chainalysis researchers tracked payments in recent years in part by analysing cryptocurrency wallets associated with suspected ransomware groups, including the gangs known as Conti, DarkSide and Evil Corp.
The Conti ransomware strain generated the most revenue in 2021, researchers said. Believed to be based in Russia, Conti reaped at least US$180 million from victims, according to the report.
Conti is one of numerous groups that use the ransomware-as-a-service business model, in which affiliates can purchase ransomware, use it to extort money and provide Conti with a share of the ransom.
The US Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency issued an alert about Conti in September, noting more than 400 attacks, including intrusions that had impacted law enforcement and medical agencies.
DarkSide, the group behind the Colonial Pipeline attack, extorted the second-largest amount of money from victims last year, according to Chainalysis' report.
Colonial Pipeline said it paid US$4.4 million to DarkSide. In June, the Department of Justice announced that it had retrieved US$2.3 million of that amount.
The FBI has previously said that US victims reported US$29.1 million in ransomware losses in 2,474 complaints in 2020.

