A yr in the past, there appeared to be a glimmer of hope within the cybersecurity business’s long-running warfare of attrition in opposition to ransomware gangs. Fewer company victims of these hackers, it appeared, had paid ransoms in 2022, and cybercriminals had been incomes much less from their ruthless assaults. Maybe the cocktail of improved safety measures, elevated focus from regulation enforcement, worldwide sanctions on the ransomware operators, and scrutiny of the cryptocurrency business may truly beat the ransomware scourge.
Properly, no. That respite seems to have been a mere hiccup on ransomware’s trajectory to grow to be one of many world’s most worthwhile, and maybe the most disruptive, type of cybercrime. In reality, 2023 was its worst yr ever.
On Wednesday, cryptocurrency-tracing agency Chainalysis revealed new numbers from its annual crime report exhibiting that ransomware funds exceeded $1.1 billion in 2023, primarily based on its monitoring of these funds throughout blockchains. That is the very best quantity Chainalysis has measured for a single yr, and practically twice as a lot because the yr earlier than. Certainly, the corporate now describes 2022’s comparatively low $567 million in ransom funds as an “anomaly,” as complete extortion transactions have steadily grown since 2020 in direction of their present 10-figure report.
“It is like we have picked up proper the place we left off, the actual onslaught throughout Covid in 2020 and 2021,” says Jackie Burns Koven, head of risk intelligence at Chainalysis. “It feels very gloves-off.”
That record-breaking $1 billion-plus in extortion funds was a consequence, partially, of the sheer variety of ransomware assaults in 2023. Cybersecurity agency Report Future counted 4,399 ransomware assaults final yr, primarily based on information studies and ransomware gangs’ public listings of victims on their dark-web websites, a tactic the teams typically use to strain victims whereas threatening to launch their stolen knowledge. That is in comparison with simply 2,581 complete assaults in 2022 and a couple of,866 in 2021.
The spike within the variety of assaults seems to have offset a extra optimistic development: By some counts, fewer victims of ransomware are paying the ransoms that hackers demand. Based on knowledge from the incident response agency Coveware, which regularly negotiates with ransomware gangs on behalf of victims, solely 29 % of ransomware victims paid a ransom within the fourth quarter of 2023, a dramatic drop from fee charges between 70 % and 80 % for many of 2019 and 2020.
Whilst fewer victims are paying, nevertheless, the entire sum collected by ransomware gangs is nonetheless rising as extra cybercriminals are drawn to a profitable business and perform extra assaults. Allan Liska, a risk intelligence analyst at Recorded Future, argues that the extremely public nature of ransomware serves as a form of promoting, always pulling in additional opportunistic hackers, like sharks who odor blood within the water. “Everyone sees all these ransomware assaults,” Liska says. “Criminals are likely to flock to the place they see the cash being made.”