Hackers behind ransomware attacks have raked in about $33 million worth of Bitcoin since the start of the year, data by Ransomwhere shows. This amount can rise dramatically should Russian-speaking cybercrime syndicate REvil receive the $70 million it demanded from some 200 US companies hit by a massive ransomware attack earlier this month.

A relatively new threat, which was first identified in April 2019, the REvil (Sodinokibi) ransomware is responsible for a third of all ransomware payments this year, as its victims paid the hackers $11.3 million in Bitcoin.

This also makes REvil the second largest all-time ransomware tracked by Ramsomwhere in terms of the money collected from the victims. The Mailto/Netwalker group topped the list with $27.9 million.


Mailto/Netwalker is also the second-largest this year, having netted $5.7 million, with RagnarLocker, DarkSide, and Egregor among other notable threats.

Total tracked ransomware payments in 2021. Source: Ransomwhere.

Crowdsourcing ransomware data

Ramsomwhere is an open, crowdsourced ransomware payment tracker launched last week by Jack Cable, a security researcher who helped the U.S. Cybersecurity and Infrastructure Security Agency to secure election systems ahead of the 2020 presidential elections.

In a Twitter thread announcing the launch of the tool, Cable said that it’s impossible to know the full impact of these attacks without comprehensive public data on the total number of ransomware payments. According to him, possessing such data could also help understand “whether taking certain actions changes the picture.”

As the all-time amount of ransomware payments recorded by Ramsomwhere has already surpassed $60 million, this indeed may be useful information for researchers.


However, as Cable stresses, the picture won’t be full without the help from the community, including the victims of ransomware attacks. He thus urges anyone in possession of data on ransomware payment addresses to submit it to the site.

"Ransomwhere aims to fill that gap by tracking Bitcoin transactions associated with ransomware groups,” wrote Cable.

The researcher added that all submitted reports are approved manually to prevent abuse and that all data is made public, helping to identify false positives and make necessary corrections.

According to a recent research by security firm Barracuda, the volume of Bitcoin-related cyber-attacks, including ransomware, have surged by almost 200% since the start of the bull run last autumn. And with so many hackers turning to cryptocurrencies for payouts, many have used this as a reason for tougher crypto regulations.

Still, as Ransomwhere explains, “due to the transparent nature of Bitcoin, it's trivial to track payments with knowledge of receipt addresses,” and-ultimately-to identify the criminals.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.