Hacking Victims Paid $1.1bn In Ransoms Last Year

New research has revealed the scale of extortion being carried out by cyber criminals against ransomware victims in 2023.

New York-based blockchain analysis firm Chainalysis in its ‘2024 Crypto Crime Report’, found that ransomware payments exceeded $1bn in 2023, which was a record high.

It comes after a similar report from Chainalysis in February 2022 found that roughly 74 percent of all ransomware payments in 2021 had been sent to Russian-linked cyber-criminals.

2022 vs 2023

The latest Chainalysis report found that while 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem.

In 2022 the report suggested that several factors had likely contributed to the decrease in ransomware activities two years ago, such as geopolitical events like Russia’s illegal invasion of Ukrainian.

This Ukraine war not only disrupted the operations of some cyber actors, the report stated, but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.

Last December the UK’s National Cyber Security Centre (NCSC) had warned that Russian intelligence services, namely Centre 18 of Russia’s Federal Security Service (FSB), were carrying out a “sustained” attack on UK politics and the democratic process in this country.

And the Chainalysis report noted that 2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks.

Watershed year

The Chainalysis report found that in 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies.

Indeed, major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways.

As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims, the report found.

Chainalysis called 2023 a watershed year for ransomware.

Conservative estimates

Chainalysis noted that the ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies.

It cautioned that its figures are conservative estimates, that are likely to increase as new ransomware addresses are discovered over time.

Chainalysis said ransomware attacks were carried out by a variety of actors, from large syndicates to smaller groups and individuals.

It pointed that experts are warning that the number of ransomware hacker are increasing, citing Allan Liska, Threat Intelligence Analyst at cybersecurity firm Recorded Future, which reported 538 new ransomware variants in 2023, pointing to the rise of new, independent groups.

Additionally, Chainalysis cautioned about the spread of Ransomware-as-a-Service (RaaS) and availability of hacking tools, which have made it easier to launch attacks

Business model

Brian Boyd, head of technical delivery at Edinburgh-based cyber security specialist i-confidential, noted how the Chainalysis report reveals the sophistication of the business model and earnings in the ransomware market.

“Despite a dip in earnings in 2022, 2023 saw attackers make the most amount of money from ransomware on record,” said Boyd. “Whilst ‘Big Game Hunting’ (ransoms over $1m) continues to grow, Ransomware as a Service (RaaS) means targeting smaller organisations with smaller ransoms can become a force multiplier.”

“Organisations of all sizes must use this study as a catalyst to improve their defences against ransomware, otherwise, with the prevalence of RaaS models, we could be seeing even higher numbers in the year ahead,” Boyd cautioned.

“2023 was undoubtedly one of the worst years the world witnessed with ransomware,” Boyd said. “From MGM to MOVEit, organisations were brought to a standstill in the wake of attacks. But the actual losses these organisations suffered are far more than the figures in this report. The ransom payment is only one part of the financial penalty ransomware places on an organisation. The loss of productivity, assets, data, and the costs of recovery are often far greater than the actual demand.”

“One of the biggest problems with ransomware today is how easy attacks are to execute. Criminals have box-packed tools which make it easier than ever for novice criminals to launch devastating attacks,” said Boyd.

“Organisations can no longer take chances with their data, and they must proactively take steps to defend their assets against these attacks,” Boyd concluded. “They should practice good cyber hygiene, where systems are up to date, backups are stored on premise and in the cloud, employees are regularly trained on how to recognise phishing emails, all systems and devices are inventoried and secured, and recovery from different cyber events is documented and practised on a regular basis.”