Ransomware Payments in 2020 Were Nearly Double Initial Chainalysis Estimates

Chainalysis updated its estimate of 2020 ransomware payments from $350 million to $692 million, with an initial estimate of $602 million for 2021.

In its latest report, Chainalysis noted that it updates previous years’ estimates retroactively upon further identification of funds. Initial figures putting ransomware revenue in the first half of 2021 above that of the first half of 2020 suggest that this year’s amount will eventually be revealed to have far exceeded last year’s, according to the report.

In contrast to the sharp rise in the past two years, Chainalysis detected only $152 million in payments in 2019 and a mere $39 million in 2018. 

More ransomware strains

Ransomware also experienced growth in the number of active strains and the amount of money extorted by them. Throughout 2021, at least 140 strains received payment from victims, up from 119 in 2020 and 70 in 2019. Most strains arrive and depart in phases, becoming dormant after appearing for a short time. 

While Chainalysis data largely reflected this trend, one strain called Conti remained consistently active for all of 2021. Actually seeing its overall share of all ransomware revenue growth throughout the year, it became the biggest strain by revenue in 2021, ultimately extorting at least $180 million from victims. The report also highlighted DarkSide as ranking second in funds extorted last year, notable for its role in the attack on oil pipeline Colonial Pipeline, of which $2.3 million of the total was recovered.

Big game hunting

While the average ransomware payment size in 2019 was $25,000, it has since multiplied to $88,000 in 2020 and over $118,000 in 2021. The report cites one reason for the increase in ransom sizes is the “focus on carrying out highly-targeted attacks against large organizations.” 

Third-party providers using ransomware-as-a-service business models facilitate this “big game hunting” approach for ransomware attackers. For instance, Conti’s longevity and success can likely be attributed to its providing ransomware for purchase for a share of the cut. 


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Share Article

Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics from CEU. He has been writing about cryptocurrency and blockchain technology since 2018, and is intrigued by its potential economic and political usage. He can best be described as an optimistic center-left skeptic.

Follow Author