In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit. This impacted companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1bn in extorted cryptocurrency payments from victims, reports Chainalysis. It says that last year’s developments highlight the evolving nature of this cyber threat. And its increasing impact on global institutions and security at large.
Ransomware payments in 2023 surpassed the $1bn mark, the highest number ever observed. Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem. Chainalysis says that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over $100m.
The ransomware landscape is not only prolific but continually expanding. This makes it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies. Chainalysis says that its figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time. For instance, in initial reporting for 2022 in last year’s crime report showed $457m in ransoms. But this figure has since been revised upward by 24.1%.
2022: An anomaly, not a trend
Several factors likely contributed to the decrease in ransomware activities in 2022. These include geopolitical events like the Russian-Ukrainian conflict. This conflict not only disrupted the operations of some cyber actors. It also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.
The Chainalysis 2023 Crypto Crime Report noted that other factors played a role in this downturn. These included a reluctance among some Western entities to pay ransoms to certain strains due to potential sanctions risks.
Another significant factor in the reduction of ransomware was the successful infiltration of the Hive ransomware strain by the FBI.
Access the most comprehensive Company Profiles
on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Company Profile – free
Your download email will arrive shortly
We are confident about the
quality of our Company Profiles. However, we want you to make the most
decision for your business, so we offer a free sample that you can download by
submitting the below form
Lessons from 2023
The ransomware landscape underwent significant changes in 2023. This is marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of RaaS strains and swifter attack execution, demonstrating a more efficient and aggressive approach. The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes.
Threat actors continue to innovate and adapt to regulatory changes and law enforcement actions. But 2023 also saw significant victories in the fight against ransomware with collaboration between international law enforcement, affected organisations, cybersecurity firms, and blockchain intelligence.
Link to the Chainalysis’ 2024 Crypto Crime Report