Ransomware Payments Are Down

Chainalysis reports that worldwide ransomware payments were down in 2022.

Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.

As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data. When we published last year’s version of this report, for example, we had only identified $602 million in ransomware payments in 2021. Still, the trend is clear: Ransomware payments are significantly down.

However, that doesn’t mean attacks are down, or at least not as much as the drastic drop-off in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.

Tags: crime, cryptocurrency, cybercrime, extortion, ransomware

Posted on January 31, 2023 at 7:03 AM • 6 Comments

Comments

Franchesko • January 31, 2023 7:14 AM

Probably due to the slowing of economic development globally… Interesting how even (cyber-)crime is affected by this / you can see the impact even there.

Clive Robinson • January 31, 2023 10:11 AM

@ALL,

Re : Why pay?

From the article,

“Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”

I suspect that there is some degree of truth in that.

Consider that most who originally paid up were “easy marks” as they had taken no steps to protect themselves.

So not only were they hit any backups they had were of no use to them.

Thus enough people would have started to “smarten up their act” to start bringing the hit rate down.

So some ransomware operators started taking the data and then try ransoming individuals via their medical records etc

They in turn turned back on the organisations who had alowed the records to be taken.

So things got tightend up somemore.

Then there is fake ransomware where the data gets destroyed not encrypted, so no matter what you pay you don’t get your records back…

Now of course tracing crypto-payment is getting easier so the operators are getting more vulnerable.

Whilst we don’t yet know how the recent takedown of a ransomware payment back end happened, that too will have caused less people to want to pay. Because the “middle agents” who pretend to “find the keys” but actually pay the ransom now risk criminal charges themselves.

So any smart criminal will have clened up and scrubbed where they can to stop being tracked down. Leaving the less smart or those who made the stupid mistake of thinking they were beyond touch.

That is those criminals who thought they were safe in Russia under Putin have now discovered it’s pay back time and they are where possible escaping from Russia. They also will no doubt get rounded up in the next year or two…

Ted • January 31, 2023 2:08 PM

we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.

Yes, as Chainalysis mentioned, OFAC sanctions may prohibit some companies from paying.

For example, even though the Conti ransomware team isn’t sanctioned, Russia’s FSB is a sanctioned entity.

(At the start of Russia’s invasion in Ukraine, Conti publicly threw its support behind Putin’s government. Not long after a cache of its internal communications were leaked. Connections to Russia’s FSB were discovered.)

As Chainalysis reported, many victims and incident response firms decided paying Conti was too risky.

Another factor is that cyber insurers are requiring companies to have better security and backup systems in place.

Many insurers are also less likely to allow insurance proceeds to be paid out for the ransom payment.

Ted • January 31, 2023 5:49 PM

The International Counter Ransomware Task Force (ICRTF) began operations on Jan 23, 2023.

The task force is made up of 37 governments. Australia is the group’s inaugural chair.

https://therecord.media/international-counter-ransomware-task-force-kicks-off/

Sean • January 31, 2023 10:10 PM

Not for this post, but there are some bothersome stuff in china’s predictive text, look at the last half of this url
https://www.youtube.com/watch?v=hBDwXipHykQ

Zian • February 3, 2023 3:05 AM

The variations can still be attributed to random variation, if one uses a control chart to plot Chainanalysis’s data.

It seems that we still need more years of data before we can say that there’s been a true change in the real world.

Ransomware Payments Are Down

Comments

Leave a comment Cancel reply