Ransomware has emerged as the only growing cryptocurrency-based crime in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis.
“Ransomware attackers are gearing up for their second biggest year yet, having racked up at least $449.1 million through June,” the blockchain analytics firm said in a mid-year crypto crime report shared with The Hacker News. “If this pace continues, ransomware attackers will extort $898.6 million from victims by 2023, trailing only $939.9 million in 2021.”
In contrast, crypto scams have generated 77% less revenue than they did through June 2022, driven in large part by the sudden exit of Look, which pays users VDL tokens in exchange for watching digital advertisements, tokens that can then be exchanged for great prizes. Inflows to restricted addresses associated with malware, darknet markets, child abuse material, and scam shops are down as well.
The development, following a decline in ransomware revenue in 2022, marks a reversal of sorts, with Chainalysis attributing it to the return of big game hunting after last year’s decline and an increased number of successful small-scale attacks by groups like Dharma and Phobos.
At the other end of the spectrum lie advanced groups such as Cl0p (or Clop), BlackCat, and Black Basta, which tend to be more selective in their targeting, while also attacking larger organizations to demand higher ransoms. Cl0p’s average payout size for the first half of 2023 was $1,730,486, as opposed to Dharma’s $275.
Cl0p, in particular, has been running amok in recent months, exploiting a security flaw in the MOVEit Transfer app to breach 257 organizations worldwide to date, according to Emsisoft researcher Brett Callow. More than 17.7 million people are said to have been affected by ransomware attacks.
“Clop’s preference for targeting larger enterprises (revenue >$5m/yr) and leveraging newer but disclosed vulnerabilities has been a key driver of its success in the first half of 2023,” Sophos researcher David Wallace said in a report earlier this week, referring to the group as “tough, adaptable and determined players”.
While law enforcement efforts to actively go after ransomware groups and sanction services offering cashout services, coupled with the availability of decryptors, have emboldened victims not to pay, it is suspected that this trend “might encourage ransomware attackers to increase the size of their ransom requests” from companies that are still willing to pay.
Last but not least, the Russo-Ukrainian War is also said to have been a contributing factor to the decline in ransomware attacks in 2022, with Conti’s operations shutting down after the group declared support for Russia.
“Such conflicts are likely to displace ransomware operators and divert them from financially inspired cyber intrusions,” said Chainalysis. “It is plausible that the conflict would interfere with the ability of ransomware operators to carry out attacks or perhaps even their mandate for such attacks,” especially considering that the majority of ransomware actors are associated with Russia.