In brief

  • Crypto payments associated with ransomware grew at least 311% in 2020, according to new data from the blockchain data company Chainalysis.
  • “Ransomware” refers to a category of malicious computer programs that force users into paying ransoms.
  • Just 0.34% of all cryptocurrency transactions last year were criminal, down from 2.1% in 2019. But that number is bound to go up, said the firm.

New data suggests that crypto payments associated with ransomware—a kind of malware geared toward extortion—were on the rise in 2020.

In a newly published excerpt of its annual Crypto Crime Report, the blockchain data firm Chainalysis has said that criminal addresses received 311% more cryptocurrency from ransomware in 2020 than they did in 2019. The report also warns that this is likely a conservative estimate, since Chainalysis is likely to identify more addresses connected to ransomware payments retroactively.

The company hedged similarly with last year’s figures: the Crypto Crime Report for 2019 posited that 1.1% of all crypto transactions were criminal—this year, it found the true number is more like 2.1%, or around $21.4 billion in assorted cryptocurrencies.

The report’s best guess for 2020 is 0.34%, which the report says will grow, too, as more scams are unearthed. If there’s good news, it’s that the starting point is significantly lower: around $10.0 billion.

And while payments connected with ransomware grew significantly this year, they still only account for 7% of that $10 billion. The vast majority of criminal crypto payments had to do with darknet markets and the general category of “scams.”

The report also offers a potential explanation for the increase in ransomware-connected payments during 2020. “Covid-prompted work-from-home measures,” it suggests, “opened up new vulnerabilities for many organizations.”

Ransomware programs have been aggressively targeting hospitals and schools during the pandemic, according to NPR and the Wall Street Journal, as attackers look to take advantage of vulnerable systems at vulnerable institutions.

Joshua Corman, a senior adviser at the Department of Homeland Security, told the Journal that the concern with ransomware was more than just financial—attacks on medical facilities, he said, may “lead to a demonstrable loss of life.”