skip to Main Content
CipherTrace is hiring! See our current job openings.

CipherTrace Report: Double extortion ransomware jumped by nearly 500% last year

  • Double extortion ransomware increased by nearly 500% in 2021
  • The first six months of 2021 saw payments to ransomware groups of $590m, an increase of 42% over the whole of 2020
  • Bitcoin (BTC) remains the preferred payment system but Monero (XMR) has jumped sharply in adoption by ransomware groups

April 18, 2022 — CipherTrace, a Mastercard Company, has noted a sharp increase in the number of payments made to ransomware groups in 2021. The growth in this criminal enterprise is so large that the first six months of 2021 saw payments that matched the whole of 2020. With $590m in cryptocurrency paid to cybercriminals in the first half of 2021, the cost to both individuals and businesses is staggering.

Ransomware attacks take place when criminals can get access to a device on your network. That could be any number of individual products, from a printer through to a Network Attached Storage (NAS) device. Once inside, the software encrypts your files with a key only known to the cybercriminals. To decrypt those files, and return your access to them, you would be expected to pay a ransom. For home users, that might be $500, for large companies it could be millions or tens of millions of dollars with demands being paid in cryptocurrency.

A more insidious attack uses the same concept, but worse. Double extortion attacks present another problem for beleaguered businesses. Not only are your files encrypted, but the threat of selling your files and data is added. If you don’t pay, the cybercriminals will sell your data to the highest bidder, or perhaps even just release it for free. This creates a mountain of additional problems for companies who might lose control of sensitive customer data or valuable proprietary company information.

These Double Extortion threats have seen a considerable increase in popularity with ransomware gangs. CipherTrace data suggests that there has been a nearly 500% increase in these attacks in the last year. On average, these attacks are increasing nearly 200% quarter over quarter.

While ransomware has traditionally used Bitcoin (BTC) for payment demands, CipherTrace has seen an increase in the use of Monero from these groups. Some are demanding payment in Monero (XMR) exclusively, while some are accepting both Bitcoin and Monero with a higher price charged for BTC payments because of the complications around extracting money without being traced.

Monero is considered to offer better anonymity, with various protections offered that can shield transactions from scrutiny. The ability to track these payments varies, but Monero is more challenging than the completely public Bitcoin blockchain.

CipherTrace protects financial institutions from cryptocurrency laundering risks and helps grow the blockchain economy by making it safe for consumers, trusted by investors and accepted by governments.

You can read the full Current Trends in Ransomware Report on the CipherTrace website.

For media inquiries, please contact Ian Morris at ian.morris(at)mastercard(dot)com

Back To Top