Highlights:

  • The report states that law enforcement agencies have stepped up their efforts to counter ransomware as the problem grows.
  • According to the report, 538 new ransomware variants surfaced in 2023, highlighting threat actors’ agility and unwavering search for fresh approaches to take advantage of vulnerabilities in digital ecosystems.

According to a recent analysis from blockchain analytics company Chainalysis Inc., ransomware payments reached a record-breaking USD 1.1 billion in 2023—nearly twice as much as the USD 567 million paid out in 2022.

The analysis found that the scale and complexity of ransomware activity grew over the year, which is concerning for global cybersecurity. It should come as no surprise that the most prominent targets were government, healthcare, and education institutions, all critical infrastructure sectors.

Massive attacks affecting organizations globally, including media outlets like the BBC and airlines like British Airways, were made possible by the year-long exploitation of vulnerabilities in widely used software, such as the MOVEit file transfer software.

The report states that law enforcement agencies have stepped up their efforts to counter ransomware as the problem grows. One instance is the successful infiltration of the Hive ransomware operation by the US Federal Bureau of Investigation in January 2023, which is said to have prevented the payment of roughly USD 130 million in ransom.

The Hive operation demonstrates how law enforcement may lessen the effects of ransomware attacks, and it also highlights the growing significance of international collaboration and the use of cutting-edge cybersecurity technologies in identifying and disrupting cybercriminal networks.

Even with the efforts of agencies like the FBI, it’s a never-ending game of Whac-A-Mole: for every ransomware group that is eliminated or targeted, a new one pops up.

According to the report, 538 new ransomware variants surfaced in 2023, highlighting threat actors’ agility and unwavering search for fresh approaches to take advantage of vulnerabilities in digital ecosystems. It is also claimed that ransomware-as-a-service models and the exploitation of zero-day, or previously unknown, vulnerabilities point to the falling barriers to entry and growing sophistication of cyberattacks.

A few well-known groups dominated the ransomware scene in 2023; Clop and ALPHV/BlackCat were at the forefront in terms of both attack volume and severity. Clop, known for its “big-game hunting” tactic, used zero-day vulnerabilities to target major corporations.

Clop’s main campaign of the year centered on a vulnerability in the MOVEit file transfer software. The campaign affected numerous organizations and led to large ransom payments. According to the report, the group’s operations brought in an estimated USD 100 million in ransom payments.

ALPHV/BlackCat was found to illustrate the growing prevalence of ransomware-as-a-service models, in which affiliates are paid to use ransomware infrastructure to launch attacks. The group set itself apart by recruiting people with demonstrated hacking skills for its affiliate program, which allowed it to target more prominent organizations for higher ransoms.

The report states, “The ransomware landscape underwent significant changes in 2023, marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of RaaS strains and swifter attack execution, demonstrating a more efficient and aggressive approach. The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes.”