Ransom Payments Exceeded $1 Billion in 2023
A new report from Chainalysis has revealed victims of ransomware attacks paid hackers $1.1 billion in 2023 to obtain the keys to unlock their data and to prevent the release of information stolen in the attacks. Last year was the first time that ransom payments exceeded $1bn and the annual total was a sizeable jump from the $567 million that was paid in 2022. These are also conservative figures, as the researchers are unaware of all of the cryptocurrency wallets used by ransomware gangs.
Ransom payments have been increasing each year but there was a fall in ransom payments in 2022, which dropped from $983 million in 2021 to $567 million in 2022. The researchers believe this anomaly is linked to the Russia-Ukraine war. Many hackers changed their operations from ransomware attacks to attacks focused on espionage and destruction on Ukrainian targets and those that did continue with ransomware found it harder to get paid as Western targets became concerned about sanctions risks, given that many ransomware groups are based in Russia.
In 2023, there was a shift back to ransomware attacks with ransomware actors choosing to attack high-profile institutions and critical infrastructure, including schools, hospitals, and government agencies and the attacks increased in scope and complexity. There were also mass extortion-only attacks by the Clop ransomware group on file transfer solutions such as GoAnywhere MFT and MOVEit, with Clop getting paid at least $100 million for the attacks that exploited the vulnerability in MOVEit.
Chainalysis has observed a trend for big game hunting, which has become the dominant strategy in recent years but there is considerable variety across the ransomware ecosystem with RaaS operations such as Phobos having low payments but making up for that with volume. These groups lower the entry barrier and make it easy for relatively low-skilled hackers to start conducting attacks.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Several trends were observed in 2023, including astronomical growth in the number of threat actors carrying out ransomware attacks. Recorded Future reported 538 new ransomware variants in 2023, which suggests the emergence of many new, smaller ransomware groups. There has also been a shortening of the dwell time, with ransomware deployed more rapidly after initial access, and ransomware groups have been developing more efficient and aggressive tactics.
There were some success stories in 2023 due to law enforcement operations, including the takedown of the Hive group and the disruption of Alphv. The FBI reports that it the Hive operation allowed it to provide the decryption keys to many victims, saving $130 million in ransom payments, although Chainalysis estimates the impact was far greater, with the disruption caused preventing an estimated $210.4 million in payments.