According to a report from the FBI, businesses have paid more than $140 million in bitcoin to ransomware attackers since 2013.
Published during the RSA security conference, this figure does not include operational costs, or additional costs in the attack's aftermath, accounting only for ransom fees paid.
The report also revealed which ransomware families generated the most money for cybercriminals. The Ryuk ransomware outperformed other families by quite a margin, making a total of $61.26 million. Crysis and Dharma were second with $24.48 million, while Bitpaymer was used to extort victims for $8.04 million.
The FBI gathered this intelligence by tracking activity on a group of cryptocurrency wallets identified as owned by cybercriminals (though the anonymous wallet does not reveal the identity of the owner).
To receive ransom pay offs, attackers must share their unique wallet address. This makes it relatively easy for the FBI to calculate just how much money criminals have extorted over the past six years.
The FBI also said there are probably “many other” wallets that weren’t included in the report, especially considering only one cryptocurrency (Bitcoin) was tracked, so the overall figure is likely even greater.