Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments.
“This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.
Although the total paid in ransomware dipped in 2022, Chainalysis reports that this may have been the result of geopolitical events such as the Russian-Ukrainian conflict, which disrupted the operations of some threat actors and also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction. The report says that another significant factor in the reduction of ransomware in 2022 was the successful infiltration of the Hive ransomware strain by the Federal Bureau of Investigation (FBI), which was announced by the Department of Justice (DoJ) early in 2023.
“Big game hunting “ is on the rise
One disturbing new trend that appears to have significantly boosted the total of ransomware payments in 2023 is the practice known as “big game hunting”. This refers to ransomware payments of US$1 million or more.
“Overall, big game hunting has become the dominant strategy over the last few years, with a bigger and bigger share of all ransomware payment volume being made up of payments of $1 million or more,” says Chainalysis.
But the report adds that off-the-shelf Ransomware as a Service (RaaS) products, such as Phobos, which are widely available on the Dark Web, is also having the effect of increasing the sheer volume of attacks worldwide.
“Phobos simplifies the process for less technically sophisticated hackers to execute ransomware attacks, leveraging the typical encryption process that is the hallmark of ransomware. Despite targeting smaller entities and demanding lower ransoms, the RaaS model is a force multiplier, enabling the [Phobos] strain to carry out a large quantity of these smaller attacks,” reports Chainalysis.
There appears little doubt that ransomware attacks are on the rise, both in the overall volume of attacks and in the severity of the attacks.
“In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies,” says Chainalysis.
