Ransomware gangs returned with a vengeance, extorting a record-breaking $1.1 billion in cryptocurrency payments in 2023 after a significant decline in 2022.
According to blockchain expert Chainalysis, ransomware attacks intensified in scope and complexity, targeting companies, high-profile institutions, and critical infrastructure, including hospitals, schools, and government agencies, in 2023.
After gaining digital access, ransomware hackers either threaten to leak or sell data or make software or data inaccessible to its owner unless a ransom is paid, typically in cryptocurrencies, which allow the recipient to remain untraceable.
Chainalysis reported a significant increase in ransomware payments in 2020, with a total of $905 million, which rose to $983 million in 2021. The amount dropped to $567 million in 2022 but nearly doubled in 2023.
“It is important to recognize that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time,” Chainalysis clarified, adding that these numbers do not include “the economic impact of productivity loss and repair costs associated with attacks.”
The blockchain company considers the 2022 low an anomaly that it largely attributes to geopolitical events like the Russian-Ukrainian conflict.
“This conflict not only disrupted the operations of some cyber actors but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction,” it stated, implying that many ransomware actors operate from the warring nations.
A second major contributing factor was the FBI’s successful infiltration of the Hive ransomware group, whereby the agency was able to save some 1,300 victims an estimated $130 million by warning of impending attacks and providing decryption keys to disable the ransomware infection.
“The Hive investigation is an example of a gold standard for deploying the key services model,” said Special Agent in Charge David Walker of the FBI’s Tampa Division.
“We will continue to take proactive disruptive measures against adversaries,” Mr. Walker added.
A Growing Criminal Plague
Cybersecurity experts noticed a significant increase in spoils and the number of attacks, indicating that many smaller gangs and individuals are joining the larger cybercrime syndicates.
“A major thing we’re seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks,” said Allan Liska, Threat Intelligence Analyst at cybersecurity firm Recorded Future, which counted 538 new ransomware variants in 2023.
Chainalysis attributes the crime explosion to an increasing number of so-called “initial access brokers”—hackers who specialize in gaining access to computer networks and then sell that access to ransomware attackers “for as little as a few hundred dollars.”
Combined with the availability of efficient ransomware strains, this dramatically lowers the technical skills required to perform cyber extortion.
At the same time, cyber-analysts noted increased proactive engagement from law enforcement, signaling a positive shift in approach.