Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Ransomware payments hit a record US$1.1bn in 2023

Ransomware payments reached a record-breaking high in 2023, breaking the eight-figure mark and reaching a massive US$1.1 billion (roughly A$1.69 billion).

user icon Daniel Croft
Thu, 08 Feb 2024
Ransomware payments hit a record US$1.1bn in 2023
expand image

The figure, which is quite a considerable jump from the previous 2021 record of US$983 million (roughly A$1.51 billion), reflects the growing efficacy of ransomware gangs.

This is despite ransomware payments dropping by almost half in 2022, down to US$567 million (roughly A$870 million).

Blockchain analysis firm Chainalysis predicted a jump in ransomware in a report released in July 2023 and has since released its latest report confirming such.

============
============

“In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies,” said Chainalysis.

“Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways.

“As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims.

“Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.”

The company adds that the overall trend from 2019 to 2023 suggests an escalating problem. Chainalysis called 2022’s drop an “anomaly” influenced by geopolitical events such as the Russian invasion of Ukraine, which would have disrupted the actions of many Russian cyber gangs, either restricting their actions or seeing them shift from financial incentives to political hacktivism.

Additionally, the Hive ransomware strain was taken down by the FBI, and there was an overall downturn in Western willingness to pay ransom.

“Conti, in particular, faced issues, suffering from reported links to sanctioned Russian intelligence agencies, exposure of the organisation’s chat logs, and overall internal disarray,” the company added.

“This led to a decrease in their activities and contributed to the overall reduction in ransomware incidents in 2022. But researchers have noted that many ransomware actors linked to Conti have continued to migrate or launch new strains, making victims more willing to pay.”

It is also worth noting that the lower ransomware payment fire does not account for the damages that companies were forced to pay as a result of not meeting ransom demands.

However, as the report demonstrates, ransomware rose like a phoenix in 2023. A massive number of new ransomware strains and groups made an appearance, and several major incidents, such as the MOVEit and HWL Ebsworth supply chain attacks, meant thousands of companies were hit.

According to a threat intelligence analyst at Recorded Future, 583 new ransomware variants were detected in 2023.

Ransomware-as-a-Service and initial access brokers are also much more common, lowering the barrier for entry for ransomware gangs.

Despite the record-high payments, there were also several wins against ransomware gangs.

“The Hive takedown and the BlackCat disruption are both great examples of how the FBI has been prioritising victims’ assistance, helping victims and imposing costs on bad actors,” wrote Lizzie Cookson of Coveware.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.