Return to Big Game Hunting Sees Ransomware Revenues Soar
There has been a sizeable fall in revenues from cryptocurrency-related crimes in the first half of 2023, with scammers seeing a 77% reduction in revenues from the same period in 2022, amassing a little over $1 billion in the first half of the year compared to $3.3 billion in the first half of 2022. While this is certainly good news, ransomware-related cryptocurrency payments increased significantly in H1 2023, and if the trend continues in the second half of the year, ransomware revenues could eclipse those of 2022. At the current rate, transactions related to ransomware attacks can be expected to reach $899 million by the end of the year, only trailing 2021 – a record-breaking year, where $939.9 million in payments were made following ransomware attacks.
The mid-year analysis from Chainalysis shows a 65% decline in cryptocurrency transfers to known darknet marketplaces, scam sites, and fraud shops compared to the same period last year, with high-risk exchanges and mixers also experiencing a notable decline, down 42% on this time last year. The fall has been attributed, in part, to the disappearance of two major investment scam campaigns, VidiLook and Chia Tai Tianqing Pharmaceutical Financial Management.
The same cannot be said of ransomware-related transfers, which are up at least $175.8 million from H1 2022, with at least $449.1 million paid in ransom payments up to the end of June 2023. Chainalysis attributes the increase to a combination of a return to big game hunting – targeting large organizations with deep pockets – using ransomware strains such as BlackBasta, BlackCat, and Cl0p, and an increase in attacks on smaller entities using ransomware variants such as Dharma and Phobos. The average/median payment size for Dharma was $265/$275 and $1,719/$300 for Phobos, compared to BlackBasta $762,634/$147,106, BlackCat $1,504,579/$305,585 and Cl0p $1,730,486/$1.946,335.
While the attacks on smaller entities yield much lower payments, the attacks are much easier to conduct since smaller firms lack the cybersecurity resources of larger firms. These smaller attacks tend to be conducted by ransomware affiliates using spray-and-pray tactics, rather than targeted attacks. Since the ransom demands are relatively low, payment is more likely to be made; however, there has been a trend of non-payment of ransoms, especially at larger firms. Chainalysis suggests the non-payment trend could be prompting attackers to issue very high demands for payment in their big game hunting attacks due to the high percentage of firms choosing not to pay ransoms.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy