Ransomware victims have paid over $1.3 billion USD ransoms since 2020 despite FBI recommendations of not paying to hackers

Ransomware is still one of the most lucrative hacking variants for cybercriminal groups. In its latest report, the firm Chainalysis reports that encryption malware operating groups made profits of up to $1.3 billion USD between 2020 and 2021, numbers that are sure to be surpassed in the coming years.

To be specific, cybercriminals made $692 million in payments in 2020 and $602 million in 2021, though the numbers could still grow as new reports are filed. The trend is clearly upward, as between 2018 and 2019 ransomware groups accumulated profits of around $190 million USD.

According to Chainalysis, the Conti ransomware variant generated the most revenue in 2021. Operating out of Russia, Conti raised at least $180 million USD from its victims, consolidating itself as the most important ransomware as a service (RaaS) platform today.

Conti has been in the crosshairs of the U.S. government for months; in mid-2021, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) reported detecting more than 400 attacks related to this strain of malware, compromising medical services agencies, industrial facilities, and utilities.

This week, the governments of Australia, the United States and the United Kingdom issued an alert about the persistent and dangerous threat that ransomware has become. According to this document, hackers continue to develop advanced attack techniques, including professional business models and even resorting to other practices derived from this infection, such as the sale of confidential information.

In this regard, the administration of President Joe Biden has implemented a series of initiatives to strengthen the cyber defenses of public and private organizations in the U.S., especially after incidents such as the attacks on Colonial Pipeline and Kaseya impacted multiple areas of critical infrastructure.

At the end of 2021, the White House hosted a meeting with representatives from 30 countries willing to work together with the intention of reducing the number of successful ransomware attacks in 2022, with proposals such as increased criminal penalties for this practice and better financial intelligence mechanisms.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.