Ransomware crimes come back to haunt crypto industry in 2023
- At the current rate, 2023 was on track to become the second-worst year in terms of ransomware attacks.
- There was a substantial increase in the number of very large ransom payouts in H1 2023.
The latest report by blockchain data platform Chainalysis, which revealed a considerable drop in cryptocurrency-related crimes, injected a lot of optimism into the market. After all, apart from the wild swings in the prices of these digital assets, the other argument vehemently put against their adoption is the numerous incidents of scams.
However, while scam revenue clearly plunged in 2023, ransomware attacks reared their ugly heads again. Attackers extorted $449 million from victims in the first six months of the year, through June, roughly 60% higher than the first half of 2022.
The report mentioned that at the prevailing rate, 2023 was on track to become the second-worst year for this category of crypto crimes, trailing only the disastrous 2021.
Crypto’s role in ransomware
Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files, and then demands a ransom to unlock and decrypt them. Exploited vulnerabilities, compromised credentials and malicious emails were found to be the root causes of ransomware attacks, as per a recent report by cybersecurity firm Sophos. Ransomware has been one of the major elements of the cybercriminal ecosystem over the years.
Cryptocurrencies have been widely criticized for being one of the key factors in abetting ransom attacks. While transactions on a blockchain network are traceable, there is no way to associate an ID with the addresses and wallets. Because of the anonymity, unscrupulous players send funds back and forth from one wallet to another, making crypto an attractive mode for ransom payments.
According to an earlier report by Chainalysis, attackers have increasingly asked victims to pay in Monero [XMR]. This makes matters worse because in contrast to Bitcoin [BTC], Monero is completely anonymous and tracking gets more difficult.
Reversal in 2023
The uptick in ransomware revenue in 2023 was reason for alarm, as the decline in 2022 had provided a much-needed reprieve and created the impression that the gravity of such assaults would only diminish.
Chainalysis’ report attributed the rise to what it called “big game hunting”, wherein attackers targeted large-scale organizations to steal huge sums of money. As evident in the chart below, there was a substantial increase in the number of very large ransom payouts in H1 2023 when compared with the first-half data of the last three years.
However, there was growth at both ends of the spectrum. The left side of the graph showed that attackers were successful in launching small attacks as well.
It is important to note that new ransomware versions, often known as “strains,” emerge on a regular basis. And attackers can use any of these countless strains available to conduct an assault.
The report showed that low-level strains such as Dharma and Phobos, which are typically used for smaller targets, were active in 2023. In addition, sophisticated strains like BlackBasta and Cl0p, which hit high-value targets, also grew in prominence. This added weight to the narrative that there was an all-out assault in 2023.
Attackers’ new strategies
2021, as highlighted earlier, was the worst year on record for ransom attacks, with nearly $940 million being extracted. This alarmed stakeholders into putting remedial practices in place. These included plugging loopholes in cybersecurity and data backup practices, and sanctions on companies willing to pay ransom to attackers. As a result, the total ransomware revenue in 2022 plummeted by 46%.
However, attackers were up to the task in 2023. As most organizations refused to concede to their demands, these players increased the size of the ransom demanded from companies that were still willing to pay, according to Andrew J. Davis of cyber security firm Kivu. In several cases, attackers went so far as to harass employees of victim companies.
The impact of the Russia-Ukraine War
Russia leads the world in ransomware attacks. Conti, believed to be based in Russia, was the biggest ransomware strain by revenue in 2021. They extorted at least $180 million from victims.
Chainalysis attributed the decline of the ransomware industry in 2022 to the Russia-Ukraine conflict. This limited the capabilities of hackers to conduct such attacks. However, with the geopolitical heat subsiding in 2023, these attackers were back in full force.
Security experts from the crypto space had mixed feelings on the report’s findings. Noah Perlman, Chief Compliance Officer of Binance, praised the overall decrease in criminal incidents. He was, however, concerned about the rise in ransomware crimes.
Initial thought on reading @chainalysis mid-year update: pleased to see crypto crime as whole in a sharp decline this year; surprised that ransomware has risen YOY (would have expected these to move in tandem). Although not on pace for the worst year ever, still concerning that…
— Noah Perlman (@NoahBPerlman) July 12, 2023