Ransomware gangs stole and extorted an estimated $1.1bn in 2023, according to Chainalysis. In its latest report on online cybercrime, the blockchain analysis firm found that ill-gotten gains from ransomware surged last year as a result of gangs hacking a range of major organisations, including British Airways and the BBC, as well as multiple exploitations of a software vulnerability in the file transfer service MOVEit.

“In 2023, the ransomware landscape saw a major escalation in the frequency, scope and volume of attacks,” said Chainalysis, with so-called “big game hunting” becoming a dominant strategy for cybercriminal gangs over the past 12 months. Cl0p was one such collective that became adept at this strategy, leveraging “zero-day vulnerabilities that allowed it to extort many large, deep-pocketed victims en-masse, spurring the strain’s operators to embrace a strategy of data exfiltration rather than encryption.”

2023 ransomware trends included more criminal gangs pursuing the activity and a greater emphasis on “big-game hunting” strategies among hackers. (Photo by Shutterstock)

2023 ransomware trends stronger than the previous year

The estimated $1.1bn total stolen and extorted from victims by ransomware gangs is the highest haul yet recorded by Chainalysis and dwarfs the $567m acquired by cybercriminals in 2022. That year should be considered an outlier in an otherwise consistent increase in ransomware attacks, said the blockchain analysis firm, with factors such as Russia’s invasion of Ukraine redirecting the efforts of gangs based in the former toward politically motivated cyberattacks. 

“Another significant factor in the reduction of ransomware in 2022 was the successful infiltration of the Hive ransomware strain by the Federal Bureau of Investigation,” said Chainalysis, which noted a significant overall drop in the number of ransomware payments as a result of the strain’s takedown. “We believe the Hive infiltration may have averted at least $210.4 million in ransomware payments.”

The barrier to entry for ransomware gangs is lower than ever before

This effect was, however, temporary. 2023 ransomware trends included not only an increase in the adoption of “big-game hunting” tactics by cybercrime gangs but also a marked rise in the overall number of threat actors. This suggests a lowering of the barriers to entry for cybercriminals into the ransomware marketplace, said Chainalysis, spurred by an increase in the number of initial access brokers and the growing popularity of “ransomware-as-a-service” models of cybercrime.

Most of these ill-gotten gains appear to have been laundered on centralised cryptocurrency exchanges and mixers, added the blockchain analysis firm. Improvements in anti-money laundering policies and KYC processes, however, appear to have had some impact on the way cybercrime gangs are monetising ransomware, with many embracing gambling services and instant exchangers – a type of non-custodial cryptocurrency exchange that converts funds immediately – in 2023.
