This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted

Photo: Rob Engelaar, Getty Images

Ransomware attacks are on the rise, but quantifying the scope of the problem can be tricky when only the most high-profile cases make headlines. Enter Ransomwhere, the crowdsourced ransomware payment tracker with a punny name that means to shine a light on these cyberattacks that have increasingly rattled governments and businesses around the world. Jack Cable, a security architect at the cybersecurity consulting firm Krebs Stamos Group, launched the site on Thursday.

“Today, there’s no comprehensive public data on the total number of ransomware payments,” Cable wrote on Twitter. “Without such data, we can’t know the full impact of ransomware, and whether taking certain actions changes the picture. Ransomwhere aims to fill that gap…”

Screenshot: Ransomwhere / Gizmodo

Ransomwhere keeps a running tally of ransoms paid out to cybercriminals in the bitcoin cryptocurrency. This is largely made possible by the transparent nature of bitcoin: all transactions involving the cryptocurrency are recorded on the blockchain, a decentralized database that acts as a public ledger, which allows anyone to track transactions associated with ransomware groups.

Ransomwhere collects this data and makes it available to the public for anyone to view or download. And because the site is crowdsourced, it also incorporates data from self-reported incidents of ransomware attacks, which anyone can submit. To make sure these reports are the real deal, each is required to include a screenshot of the ransomware payment demand, and every case is reviewed manually before being made publicly available, according to its FAQ page. If an approved report’s authenticity is later called into question, moderators can strike it from the record.

Since the U.S. dollar value of bitcoin is constantly fluctuating, Ransomwhere calculates each ransom amount based on the bitcoin exchange rate on the day that the transaction was sent. By extension, the precise amount the cybercriminals walked away with could be different depending on when they decided to sell their spoils.
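
The tally described above can be sketched as follows. This is an added example, not Ransomwhere's code or data format: the record fields, addresses, transaction ids, family names and exchange rates are all constructed placeholders. It counts only payments to addresses from approved reports, ignores duplicate records, and values each payment at the rate on the day it was sent, with an optional single rate to show how the figure shifts if the coins are sold later.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

SATS_PER_BTC = Decimal(100_000_000)

# Constructed sample data: placeholder addresses, txids, families and rates.
REPORTS = [
    {"address": "addr-A", "family": "FamilyX", "status": "approved"},
    {"address": "addr-B", "family": "FamilyX", "status": "approved"},
    {"address": "addr-C", "family": "FamilyY", "status": "approved"},
    {"address": "addr-D", "family": "FamilyY", "status": "struck"},  # removed by moderators
]
D1, D2 = date(2021, 1, 5), date(2021, 2, 1)
TRANSACTIONS = [
    {"txid": "tx1", "to": "addr-A", "sats": 50_000_000, "day": D1},
    {"txid": "tx2", "to": "addr-B", "sats": 200_000_000, "day": D2},
    {"txid": "tx2", "to": "addr-B", "sats": 200_000_000, "day": D2},  # same payment seen twice
    {"txid": "tx3", "to": "addr-C", "sats": 10_000_000, "day": D2},
    {"txid": "tx4", "to": "addr-D", "sats": 900_000_000, "day": D1},  # struck address
]
USD_PER_BTC = {D1: Decimal("30000"), D2: Decimal("40000")}


def tally(reports, transactions, daily_rates, sale_rate=None):
    """Return {family: USD total}. Uses the rate on the day each payment was
    sent, or a single sale_rate to model cashing out later."""
    family_of = {r["address"]: r["family"] for r in reports if r["status"] == "approved"}
    totals, seen = defaultdict(Decimal), set()
    for tx in transactions:
        key = (tx["txid"], tx["to"])
        if tx["to"] not in family_of or key in seen:
            continue  # unknown or struck address, or duplicate record
        seen.add(key)
        rate = sale_rate if sale_rate is not None else daily_rates.get(tx["day"])
        if rate is None:
            raise ValueError(f"no exchange rate for {tx['day']}")
        totals[family_of[tx["to"]]] += Decimal(tx["sats"]) / SATS_PER_BTC * rate
    return dict(totals)


if __name__ == "__main__":
    print("valued on payment day:", tally(REPORTS, TRANSACTIONS, USD_PER_BTC))
    print("valued at later sale: ", tally(REPORTS, TRANSACTIONS, USD_PER_BTC, Decimal("35000")))
```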

So far in 2021, the Russia-linked cybercriminal gang that took credit for the Kaseya and JBS attacks, REvil, is leading the pack by a mile with more than $US11 ($15) million in ransom payments, according to Ransomwhere. Coming in second with 6.2 million is Netwalker, one of the most popular ransomware-as-a-service offerings on the dark web. It should be noted, though, that Netwalker has the dubious honour of racking up the most ransom payments of all time, with roughly $US28 ($38) million to its name based on the site’s data.

REvil could soon surpass that record if its recent demands for $US70 ($94) million are met. That’s how much the gang asked for on Sunday to publish a universal decryptor that would unlock all computers affected in the Kaseya hack, a supply chain attack that has crippled more than 1,000 companies worldwide and prompted a federal investigation.

They’re not the only ones getting in on the grift. The FBI received nearly 2,500 ransomware complaints last year, a roughly 20% increase compared to 2019, according to its annual Internet Crime Report. All told, the collective cost of these attacks amounted to roughly $US29.1 ($39) million in damages, up from $US8.9 ($12) million in 2019. Worse still, both tallies are expected to jump even further in 2021.