The annual Chainalysis “Crypto Crime Report” provides valuable perspective on how much money ransomware gangs are taking in, and apparently 2023 was their best year ever. Ransomware payments in cryptocurrency (almost always the form they take) topped $1 billion for the first time as there was even more activity than in the peak pandemic years.
Malware going nowhere as ransomware payments surge
There was some hope that ransomware was finally on the wane as 2022 closed. While ransomware payments were more than double what they were in 2019, at $567 million, they were only a little over half what they were when cyber criminals were running wild in 2020 and 2021.
The Chainalysis study seems to indicate that ransomware is not going anywhere. The market has expanded to less technically capable clients as the ransomware-as-a-service groups create even more “idiot-proof” entry level packages, and Bitcoin is once again surging in price. All signs are that 2024 will be very similar to the banner year that criminals enjoyed in 2023.
So what happened in 2022, and why are we back to peak Covid pandemic numbers? Chainalysis thinks the temporary downturn may have been owed to disorganization in the ranks of primarily-Russian ransomware gangs due to the start of the Ukraine conflict and a blitz of financial sanctions and banking system exclusions that accompanied it. Despite increased international law enforcement attention being paid to the biggest gangs, the ransomware operators seem to have sorted out their operations at this point.
This is also in spite of cyber insurance progressively becoming harder to obtain for all types of companies over the last two years. Organizations have responded to these circumstances by becoming better prepared for attacks and having more of a willingness to say “no” to an attacker and restore from backups, but the attackers are also apparently becoming more efficient and striking more targets than ever.
The biggest groups in the game also seem unconcerned with the insurance situation, continuing to focus on “big fish” that they feel can be hit up for ransomware payments of at least $1 million per incident. Groups that are focusing on smaller businesses are finding success, but the most profitable groups by far are the ones that are still focusing on big game.
Over $1 billion in ransomware payments for first year on record
Ransomware has had its peaks and valleys since it was introduced as a major threat around a decade and a half ago, but the ransomware payments logged by Chainalysis indicate it may still have its most profitable years ahead of it.
Its criminal participants are certainly still interested in development, with 538 new strains of ransomware appearing in 2023. As Chainalysis notes, what remains to be seen is how the “big game” gangs will continue to fare. If they continue to bring in record profits, ransomware will remain a leading threat. When they begin to falter, it is unlikely that the smaller fish will be able to make up the difference.
In the meantime, the most profitable groups at present are BlackCat/AlphV and BlackBasta. Dark Angels and Cl0p did not rack up as much total money, but did boast the largest average payment size. Cl0p had a particularly good year on the back of its MOVEit breach, which ultimately made over $100 million for it.