BTC wallets from 30,515 ransomed databases traced. 62% received nothing
A recent study found that 30,515 out of 65,907 exposed databases on the internet carry ransom or wipe markers. Despite the prevalence of these ransom notes, 62% of the traced bitcoin wallets received no payments, indicating that the damage from these attacks occurs regardless of whether victims pay. The research highlights the growing issue of database extortion, which has seen a significant increase in incidents over the past few years.
- ▪The study observed 65,907 exposed databases, with 30,515 (46.3%) marked for ransom or wipe.
- ▪Of the 512 traced wallets, 318 (62%) received no bitcoin, showing that damage occurs even without payment.
- ▪The database ransom epidemic is largely overlooked, lacking the visibility of other ransomware attacks.
Opening excerpt (first ~120 words) tap to expand
Share Facebook Twitter LinkedIn Pinterest Email Copy Link We built a five-year census of 65,907 exposed databases on the public internet. 30,515 of them (46.3%) carry a ransom or wipe marker. We then validated every bitcoin address inside those notes, ending with 514 distinct attacker wallets. When we priced the 512 we could resolve on-chain, 318 had received zero bitcoin. The 9.78 BTC (around $753,000) that did move concentrated into a handful of operators. Mass database extortion is industrial, automated, mostly unpaid, and still doing enormous damage. Ransomnews Research Team. Census window: May 2021 to 13 May 2026. Wallet enrichment via mempool.space, priced at BTC = $76,992 on the lookup date. Key takeaways Scale of the corpus.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ransomnews.
Discussion
0 commentsMore from Ransomnews
