Ransomware Attacks on the Rise: Over $1.1 Billion Paid in Cryptocurrencies in 2023
After a decline in 2022, the ransomware landscape has experienced a significant escalation in attacks, with victims paying out over $1.1 billion in cryptocurrencies to cyber criminals last year, according to findings from Chainalysis’ upcoming 2024 Crypto Crime Report. This marks an all-time high for ransomware payouts and raises concerns about the worsening threat.
The report also highlighted the growing trend of “big game hunting,” where malicious actors aim for larger payments. In fact, 75% of ransomware revenue in 2023 came from payments of $1 million or more. The increase in ransomware payouts not only represents financial losses for victims but also includes productivity losses and remediation costs associated with attacks. For example, MGM estimated losses of over $100 million due to an attack it suffered last year, despite not paying any ransom.
Jackie Koven, Chainalysis Head of Cyber Threat Intelligence, emphasized the importance of understanding the ransomware ecosystem and dismantling the mechanisms that empower these attacks. Collaboration between governments, law enforcement agencies, technology providers like Chainalysis, and victim organizations is crucial in transparently reporting and dealing with ransomware attacks.
Ransomware Ecosystem Widens with New Entrants and Offshoots
Chainalysis researchers observed numerous new entrants and offshoots of ransomware strains in 2023, driven by the potential for high profits and lower barriers to entry. This expansion is facilitated by the increasing popularity and accessibility of Ransomware as a Service (RaaS), where affiliates can access malware and carry out attacks on behalf of core operators in exchange for a share of profits.
The growth of initial access brokers (IABs) has contributed to the ease of ransomware attacks. IABs infiltrate the networks of potential victims and sell that access to ransomware attackers for as little as a few hundred dollars. The combination of IABs and off-the-shelf RaaS reduces the technical skill required to carry out successful ransomware attacks. Monitoring IABs could provide early warning signs, allowing for potential intervention and mitigation of attacks.
Cybercriminals Adapt Laundering Tactics for Ransomware Profits
Chainalysis tracked the movement of ransomware funds to uncover how cybercriminals laundered their illicit earnings. Centralized exchanges, traditionally favored by attackers for off-ramping funds, showed the lowest concentration of funds received from ransomware-linked wallets in 2023. On the other hand, gambling services, cross-chain bridges, and sanctioned entities exhibited the highest levels of concentration.
This shift away from centralized exchanges and mixers is a result of disruptions in traditional laundering methods due to takedowns, the implementation of more robust anti-money laundering (AML) and know-your-customer (KYC) policies by some services, and the evolving preferences of ransomware actors. Following the flow of funds provides authorities with vital information to crack down on this form of cybercrime.
Overall, the increase in ransomware attacks, the involvement of new entrants and offshoots, and the adaptation of laundering tactics by cybercriminals underscore the need for a concerted effort between various stakeholders to tackle this growing threat. By understanding the ransomware ecosystem, identifying potential attackers, and disrupting their mechanisms, law enforcement agencies, governments, technology providers, and victim organizations can work together to mitigate the impact of these attacks.
Analyst comment
Negative news: Ransomware Attacks on the Rise: Over $1.1 Billion Paid in Cryptocurrencies in 2023
As an analyst, the market can expect increased concerns and alarm regarding ransomware attacks, leading to stricter cybersecurity measures and investments in technologies to prevent and mitigate attacks. There may also be a shift towards decentralized exchanges and more stringent AML and KYC policies in response to the evolving tactics of cybercriminals.
