Ransomware payments dropped significantly in 2022, but they’ve shown a major rebound in the first half of 2023, as threat actors switch up their tactics and demands, according to the latest numbers from Chainalysis.
While cryptocurrency crime overall is down in 2023, ransomware isn’t following the same trajectory, Chainalysis said in a mid-year follow-up to its 2023 Crypto Crime Report. To date, threat actors have already netted $175.8 million more in ransomware revenue than they did in 2022.
“This year-over-year growth likely means the reversal of the positive downward ransomware trend we saw in 2022,” said the firm in a blog post.
In February, Chainalysis reported a clear trend of lower ransomware revenue to cybercriminals – down to $456.8 million from $765.6 million one year earlier — but warned at the time, “However, that doesn’t mean attacks are down, or at least not as much as the drastic drop-off in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”
What happened in the intervening six months, Chainalysis asked? For one, improved cybersecurity and better data back-ups continue to make a difference and put victim firms in a better position to refuse to haggle with hackers.
However, non-payment seems to have encouraged threat actors to increase their demands, “perhaps with the intention of squeezing the most money possible out of the firms still willing to pay ransoms.” There’s been a renewed rise in “big game hunting,” with threat actors going after large enterprises with perceived deep pockets, as well as more aggressive extortion tactics like threatening employees of target firms.
The firm also attributed it in part to a higher volume of successful small attacks, with data showing huge spikes in ransomware payments for an average of around $1,000.
For example, the Dharma ransomware-as-a-service (RaaS) group had an average payment size of $265 in 2023, and Phobos took in an average of $1,719 thus far this year. Another ransomware strain, Stop/djvu, has been taking in an average of $619 per attack.
At the other end of the spectrum, groups like BlackBasta, ALPHV/Blackcat, and Cl0p are raking in over $762,000, $1.5 million, and $1.7 million on average, respectively.
“It is clear the ransomware ecosystem has rebounded in 2023 both in terms of payments and attacks, with record-setting incident numbers,” said Chainalysis. “The data serves as an important reminder that ransomware remains a significant threat, and that businesses should continue to shore up their cybersecurity and data backup procedures for added protection.”