Ransomware Payments Hit At Least $600M in 2021: Chainalysis Report

As of 2021, the number of ransomware cryptocurrency payments nearly doubled, hitting an estimated $602 million, according to Chainalysis.

In its latest report published on February 10, Chainalysis noted that it updates previous years’ estimates retroactively upon further identification of funds, believing the final number to be exponentially greater than what has been estimated thus far at $602 million.

From approximately $692 million taken in 2020, last year’s ransomware payouts were specifically the result of “strains” – a specific type of ransomware where hackers request exorbitant amounts of funds that should be paid only through cryptocurrency (rather than traditional forms of payment and fiat).

In contrast to the sharp rise in the past two years, Chainalysis previously detected only $152 million in payments in 2019 and a mere $39 million in 2018. 

Ransomware-as-a-Service (RaaS) and strains to blame?

Throughout 2021, at least 140 strains received payment from victims, up from 119 in 2020 and 70 in 2019. Most strains arrive and depart in phases, becoming dormant after appearing for a short time. 

While Chainalysis data largely reflected this trend, it recognized that one of the biggest ransomware strains last year in terms of revenue came from the Russian-based group Conti, who used ransomware-as-a-service (RaaS), where the group extorted nearly $180 million in revenue from its victims.

As the report continued, DarkSide was the second biggest strain last year. Notorious for its infamous attack on the U.S. Colonial Pipeline, DarkSide extorted $5 million in Bitcoin (BTC), seizing an additional $75 million in other hacks. Unfortunately, the Colonial Pipeline was only able to recover $2.5 million of the total paid out.

Big game hunting

While the average ransomware payment size in 2019 was $25,000, it has since multiplied to $88,000 in 2020 and over $118,000 in 2021. The report cites one reason for the increase in ransom sizes is the “focus on carrying out highly-targeted attacks against large organizations.” 

Third-party providers using RaaS business models facilitate this “big game hunting” approach for ransomware attackers. Looking at the longevity of third-party attackers such as Conti, it’s only fair to lean towards RaaS as a major catalyst for its revenue gain.

What do you think about this subject? Write to us and tell us!


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Share Article

Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics from CEU. He has been writing about cryptocurrency and blockchain technology since 2018, and is intrigued by its potential economic and political usage. He can best be described as an optimistic center-left skeptic.

Follow Author