Cybercriminals took in $1.1 billion from ransomware attacks in 2023, a new global record that doubles the previous year’s $567 million, according to new data from Chainalysis, a blockchain analysis firm.
“The growth of ransomware revenue is disappointing following the sharp declines we covered last year and suggests that perhaps ransomware attackers have adjusted to organizations’ cybersecurity improvements,” said Chainalysis in a blog post on its 2024 Crypto Crime report.
The 2022 numbers reflected a steep drop in ransomware revenues, down from $983 million in 2021, and were likely an “anomaly,” the firm said. Chainalysis attributed the 2022 dip to Russia-based threat actors’ focus on the war in Ukraine, along with law enforcement efforts estimated to have prevented about $130 million in ransom payments.
However, 2023 was a “watershed” year for ransomware, with a renewed focus on hospitals, schools, and government entities, according to the report. The $1.1 billion is an “unprecedented milestone,” marked by a strong uptick in frequency, scope, and volume of attacks and the number of threat actors carrying them out, Chainalysis said.
The size of ransom payments has steadily increased between January 2021 and December 2023, Chainalysis noted, with more and more payments exceeding $1 million. Threat actor behavior runs the gamut, with ransomware gangs like Cl0P (perpetrators of the MOVEit attacks), conducting fewer attacks with bigger paydays.
The 2023 ransom payment figures also don’t capture the full economic impact of ransomware and may even increase in the future, the firm added.
“It is important to recognize that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time. For instance, our initial reporting for 2022 in last year’s crime report showed $457 million in ransoms, but this figure has since been revised upward by 24.1%,” Chainalysis said.
Avoiding a report with entirely bad news, the firm also emphasized the real impact that collaborations between international law enforcement are having on ransomware. 2023 included some “significant victories,” Chainalysis said, citing the Hive takedown and BlackCat disruption.