February 7, 2024

Cybercriminals extorted $1.1bn in 2023 ransomware haul, says new report

The study by Chainalysis reveals 2023 ransomware trends included the appearance of many more gangs compared to the previous year.

By Greg Noone

Ransomware gangs stole and extorted an estimated $1.1bn in 2023, according to Chainalysis. In its latest report on online cybercrime, the blockchain analysis firm found that ill-gotten gains from ransomware surged last year as a result of gangs hacking a range of major organisations, including British Airways and the BBC, as well as multiple exploitations of a software vulnerability in the file transfer service MOVEit.

“In 2023, the ransomware landscape saw a major escalation in the frequency, scope and volume of attacks,” said Chainalysis, with so-called “big game hunting” becoming a dominant strategy for cybercriminal gangs over the past 12 months. Cl0p was one such collective that became adept at this strategy, leveraging “zero-day vulnerabilities that allowed it to extort many large, deep-pocketed victims en-masse, spurring the strain’s operators to embrace a strategy of data exfiltration rather than encryption.”

2023 ransomware trends included more criminal gangs pursuing the activity and a greater emphasis on “big-game hunting” strategies among hackers. (Photo by Shutterstock)

2023 ransomware trends stronger than the previous year

The estimated $1.1bn total stolen and extorted from victims by ransomware gangs is the highest haul yet recorded by Chainalysis and dwarfs the $567m acquired by cybercriminals in 2022. That year should be considered an outlier in an otherwise consistent increase in ransomware attacks, said the blockchain analysis firm, with factors such as Russia’s invasion of Ukraine redirecting the efforts of gangs based in the former toward politically motivated cyberattacks. 

“Another significant factor in the reduction of ransomware in 2022 was the successful infiltration of the Hive ransomware strain by the Federal Bureau of Investigation,” said Chainalysis, which noted a significant overall drop in the number of ransomware payments as a result of the strain’s takedown. “We believe the Hive infiltration may have averted at least $210.4 million in ransomware payments.”

The barrier to entry for ransomware gangs is lower than ever before

This effect was, however, temporary. 2023 ransomware trends included not only an increase in the adoption of “big-game hunting” tactics by cybercrime gangs but also a marked rise in the overall number of threat actors. This suggests a lowering of the barriers to entry for cybercriminals into the ransomware marketplace, said Chainalysis, spurred by an increase in the number of initial access brokers and the growing popularity of “ransomware-as-a-service” models of cybercrime.

Most of these ill-gotten gains appear to have been laundered on centralised cryptocurrency exchanges and mixers, added the blockchain analysis firm. Improvements in anti-money laundering policies and KYC processes, however, appear to have had some impact on the way cybercrime gangs are monetising ransomware, with many embracing gambling services and instant exchangers – a type of non-custodial cryptocurrency exchange that converts funds immediately – in 2023.
