In 2021, more and more people became aware of what ransomware means: a hacker attack that locks the computer systems of companies with a ransom demand to get the key.

In Sweden, for example, Coop and Bauhaus were affected.

In the United States, there was a shortage of fuel on the east coast when the Colonial Pipeline was exposed, and even hospitals were paralyzed in the middle of the pandemic.

In December, data was leaked from Danish Vestas, which indicates that the wind power giant did not meet the hackers' payment demands.

It is not uncommon for there to be double extortion with threats to publish stolen, sensitive, data.

When stores are forced to close or employees' bank details are spread online, it is difficult to hide that they have been affected.

But the dark figure is large.

- Only 3 percent report to the police, which makes our work much more difficult, says Björn Eriksson, group manager for complex cybercrime at the Police's national IT crime center.

Three out of four companies pay

According to the surveys he refers to, three out of four affected Swedish companies pay the hackers to get out of trouble and the number who give in to the demands must have increased by 300 percent in the past year.

- The normal ransom, the median value of what is paid, is around 300,000 dollars, so it is quite large sums of money, he states.

One explanation for the increase is that it has become easier to transfer large ransoms with the help of cryptocurrencies, digital money that is transferred directly between users without any intermediary such as a bank that can monitor the flow of money.

- The trend is that ransomware is increasing, both in the number of attacks and how large ransoms are requested, says Amanda Wick at Chainalysis, which analyzes cryptocurrencies.

Javascript is disabled

Javascript must be turned on to play video

Read more about browser support

The browser is not supported

SVT does not support playback in your browser.

We therefore recommend that you switch to a different browser.

Read more about browser support

Alexander Norén about the groups behind the ransomware attacks: "See themselves as businessmen" Photo: Janne Danielsson / SVT

"Absolutely not completely anonymous and risk-free"

But Björn Eriksson turns against the common image that it would thus be impossible for the Police to access those who receive the money.

- It is absolutely not completely anonymous and risk-free.

We have tools and methods to access criminals who launder money, even in the crypto world.

He highlights their cooperation with private actors and with Europol, Interpol, the FBI and the Secret Service as necessary to resolve such cases.

Police in 17 countries, including Sweden, took part in Operation Golddust, which in November led to arrests in Poland and Romania, with a direct link to the attack that affected Coop.

They also managed to seize six million dollars from a Russian citizen, who is still wanted.

In the video, you hear Police Erik Björn Eriksson if it is really true that it is mainly Russians who are behind the attacks, and Amanda Wick about why crypto is not as good for the criminals as they might think.