Ransomware payments in 2023 soared above $1.1 billion for the first time.
According to BleepingComputer, this figure broke the previous record and reversed 2022’s decline, marking 2023 as a particularly strong money-making period for ransomware gangs .
Previously, the record number set in 2021 reached 983 million USD, exceeding the 2020 record of 905 million USD, an increase of nearly 10%. However, the rise of ransomware in 2023 confirmed that 2022 was a statistical anomaly, as the year’s activity was influenced by geopolitical events between enforcement. Russia and Ukraine, as well as by law The law destroyed the Hive ransomware gang.
According to Chainalysis, the 2023 record could come from escalating attacks on large organizations and critical infrastructure, as well as Clop’s campaign targeting MOVEit that impacted thousands of organizations worldwide world. In July 2023, Chainalysis warned that based on activity and payments recorded at this time, ransomware payments were on track to break records, a prediction that has so far been accurate.
Among them, the most popular organizations in terms of ransoms received in 2023 are ALPHV/Blackcat, Clop, Play, LockBit, BlackBasta, Royal, Ransomhouse and Dark Angels. These groups achieve high payment volumes thanks to different strategies, LockBit has a moderate payment size and frequency but has a large total ransom flow, this is in contrast to Clop and Dark Angels because of their medium payment size. Large tank but lower payment frequency.
Ransomware groups are adapting to the decline in ransom payments by shifting tactics to target large corporations, which can afford to pay large ransoms, rather than targeting many small companies. Other groups increased the frequency of attacks to compensate for the reduced number of victims paying ransom.
Regarding ransom laundering, Chainalysis said payments were mainly channeled to mixing services, underground exchanges, instant exchanges, sanctioned entities, and unsolicited platforms. Know your customer (KYC) requirements.
Recently, Coveware has reported a decrease in the number of victims choosing to surrender to ransomware and pay cybercriminals. However, Chainalysis figures suggest this may not be enough to solve the problem. The report also expects the trend of victims refusing to pay ransom to persist and likely increase in 2024, reaching a critical point where ransomware operations become financially unsustainable.