Ransomware payments reached record $1.1 billion in 2023

Trending 2 weeks ago


Ransomware payments successful 2023 soared supra $1.1 cardinal for nan first time, shattering erstwhile records and reversing nan diminution seen successful 2022, marking nan twelvemonth arsenic an exceptionally profitable play for ransomware gangs.

The erstwhile record-high fig was group successful 2021, pinch ransomware payments amounting to $983 million, surpassing nan preceding grounds of $905 cardinal successful 2020 by astir 10%.

Unfortunately, nan resurgence of ransomware successful 2023 confirms that 2022 was a statistical anomaly, pinch that year's activity impacted by geopolitical events for illustration nan warfare betwixt Russia and Ukraine and rule enforcement's dismantling of nan Hive operation.

According to a caller Chainalysis report, nan 2023 grounds tin beryllium attributed to escalating attacks against awesome institutions and captious infrastructure and Clop's monolithic MOVEit campaign, which impacted thousands of organizations worldwide.

In July 2023, Chainalysis warned that based connected nan activity and recorded payments up until that time, ransomware payments were on a record-breaking trajectory, and unfortunately, nan prediction was confirmed.

The astir prolific threat groups successful position of ransom amounts they received successful 2023, are ALPHV/Blackcat, Clop, Play, LockBit, BlackBasta, Royal, Ransomhouse, and Dark Angels.

However, nan supra groups achieved precocious costs volumes pursuing different strategies:

  • Lockbit has a mean median costs size and wave but has a ample full ransom inflow.
  • Clop and Dark Angels person larger median costs sizes but a little wave of payments.
  • ALPHV/Blackcat has a precocious wave and median costs size, pinch a important full ransom inflow.
  • Phobos has a very precocious wave of ransom payments but a little median costs size.
Ransomware group operational strategyRansomware group operational strategy
Source: Chainalysis

"Some strains, for illustration Clop, exemplify nan "big crippled hunting" strategy, carrying retired less attacks than galore different strains, but collecting ample payments pinch each attack," explains nan report by Chainalysis.

"Clop leveraged zero-day vulnerabilities that allowed it to extort galore large, deep-pocketed victims en masse, spurring nan strain's operators to clasp a strategy of information exfiltration alternatively than encryption."

Ransomware groups are adapting to a diminution successful ransom payments by shifting towards "big crippled hunting," which is nan maneuver of targeting very ample companies who are much apt to salary ample ransom demands alternatively than targeting galore smaller companies for a higher number of mini ransom payments.

Other ransomware gangs escalated their onslaught wave to compensate for nan reduced number of paying victims.

Ransom costs size trendsRansom costs size trends
Source: Chainalysis

Regarding nan laundering of ransom payments, Chainalysis says that successful 2023, ransom payments were chiefly passed done mixing services, underground exchanges, instant exchangers, sanctioned entities, and platforms that do not person know-your-customer (KYC) requirements successful place.

This activity has led to accrued rule enforcement operations against rogue exchanges and mixers to forestall threat actors from laundering their illicit proceeds.

Coveware recently reported a dependable decline in ransomware victims opting to springiness successful to nan blackmail and salary nan cyber criminals. Still, Chainalysis' stats show this whitethorn not beryllium capable to tackle nan problem.

On nan contrary, ransomware operations tin stay highly profitable arsenic agelong arsenic nan number of attacks increases and ample organizations proceed to salary these much sizeable ransom demands.

Overall, 2023 has been a bully twelvemonth for ransomware gangs contempt attempts from rule enforcement to disrupt their operations. 

Hopefully, nan inclination of victims refusing to salary ransom will persist and perchance escalate this year, reaching a captious constituent wherever ransomware operations go financially unsustainable.