Global Ransomware Payments Hit $1.1B Record
BY MARYAM AHTASHAM
The resurgence of ransomware attacks is evident. Despite a significant drop in payments in 2022, from $983 million to $567 million, cryptocurrency tracking firm Chainalysis has reported that ransomware attackers received a staggering $1.1 billion from their victims in 2023βthe highest amount ever recorded.
The Chainalysis report stated that, "Although 2022 saw a decrease in ransomware payment volume, the overall trend from 2019 to 2023 indicates that ransomware is an escalating problem." It further explained that this figure does not include the economic impact of productivity loss and repair costs related to attacks. This is clearly seen in instances like the ALPHV-BlackCat and Scattered Spider's audacious targeting of MGM resorts. Even though MGM did not pay the ransom, the company estimates that the damages cost the business over $100 million.
The figures might be underestimated due to the difficulty in tracking cryptocurrency payments and the time it takes to gather accurate data. The 2022 figure was revised up by 24 percent last year as more data became available.
However, they suggests that the slowdown in ransomware activities in 2022 could be attributed to a variety of factors, including the Russian war in Ukraine, which "disrupted the operations of some cyber actors but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction."
The year 2023 brought significant changes to the ransomware landscape, with a 49 percent increase in victims reported by ransomware leak sites. The surge in activity was mainly due to a number of high-profile vulnerabilities and related zero-day exploits, which led to spikes in ransomware infections before defenders could update their vulnerable software. The emergence of at least 25 new ransomware groups in 2023 suggests that ransomware remains a lucrative and profitable criminal activity.
Th manufacturing sector was the most impacted by ransomware in 2023, followed by professional and legal, high-tech, and wholesale and retail sectors. Despite the global nature of the problem, it appears that organizations based in the United States were primarily targeted, with 47 percent of ransomware leak site posts in 2023 focusing on U.S. victims.
A Continuing Trend
Throughout 2024, over 60 instances of ransomware attacks targeting various sectors such as business, education, government, and healthcare has been recorded. Jonathan Braley, director of threat intelligence at the Information Technology-Information Sharing and Analysis Center (IT-ISAC), says notes that they have experienced a a rise in attacks, with 185 incidents recorded in January, a significant increase from 120 attacks in the same month last year
Dual ransomware is becoming an increasingly alarming issue. Threat actors are likely to persist in carrying out social engineering campaigns and searching for zero-day vulnerabilities to exploit. The growing use of AI could facilitate more complex attacks. Furthermore, ransomware groups may increasingly target hypervisors.
However, there is a glimmer of hope for enterprises and the cybersecurity community. By implementing network security, patch management, and access control, the risk of ransomware can be significantly reduced.
"We should see companies being more resilient and needing to pay less often."
Craig Hoffman
BakerHostetler
However, there is some good news. Some ransomware groups did not survive 2023, either because they were targeted by law enforcement or due to inexperience among their members. Palo Alto Networks highlighted the significant role played by international law enforcement agencies in 2023, stating, "Their increased collaborative efforts led to major successes in disrupting ransomware operations. These actions include providing decryption keys to victims, seizing infrastructure and arresting key threat actors. Law enforcement efforts destabilized notable ransomware groups and prevented them from earning as much money. The results forced affiliates to abandon these groups and seek more profitable alternatives."
