Ransomware Crypto Payments Poised to Set New Record in 2023Crypto Cybercrime Falls 65% Overall, But Ransomware Projected to Hit $899M
Cryptocurrency is the lifeblood of ransomware gangs, and their illicit use of crypto could hit record numbers this year. While overall crypto proceeds, including from crimes such as scams, fell dramatically over the past year, ransomware funds are expected to hit $899 million in 2023.
Crypto transfers to known illicit entities such as scam sites, darknet markets and fraud shops plummeted 65% this year compared to last, while risky entities such as mixers and high-risk exchanges saw a 42% decline, Chainalysis said in a midyear report.
But ransomware-related funds continue to grow in 2023, the researchers said. Attackers extorted $175.8 million more in 2023 than they did during the same period in 2022.
Cybercriminals focused on big-value attacks, increasing the number of both very large and very small attacks and extorting at least $449.1 million through June this year. If the pace continues, they are likely to extort $898.6 million by the end of the year, trailing only 2021's $939.9 million.
"Big game hunting - that is, the targeting of large, deep-pocketed organizations by ransomware attackers - seems to have bounced back after a lull in 2022," Chainalysis said. The rebound is seen in payments and attacks.
"The payment size distribution has also extended to include higher amounts compared to previous years," the company said.
For instance, Clop had an average payment of $1.7 million and a median payment of $1.9 million, while BlackCat had $1.5 million and $305,585, respectively. Dharma had $265 and $275, and Phobos had $1,719 and $300.
Amateur hackers typically use low-level ransomware-as-a-service strains such as Dharma and Phobos to attack smaller targets in "spray and pray" attacks. They use sophisticated strains such as BlackBasta and Clop to hit bigger organizations for more money.
Both types of strains, the researchers said, have been more active in 2023 than last year.
Cybersecurity and incident response firm Kivu told Chainalysis that a notable shift occurred in 2023 in ransomware payment size patterns. The shift aligns with the "growing number of extremely high initial demands, ranging in the tens and hundreds of millions of U.S. dollars,” said Kivu General Counsel and Risk Officer Andrew J. Davis.
Factors such as improved cybersecurity and data backup practices by large organizations, law enforcement efforts, increased availability of decryptors, and sanctions against services offering cashout services to ransomware gangs are helping to mitigate attacks to some degree, Davis said. The trend of companies opting to not pay ransom also continues.
"But the nonpayment trend may be prompting ransomware attackers to increase the size of their ransom demands, perhaps with the intention of squeezing the most money possible out of the firms still willing to pay ransom," he said.
The threat actors are also resorting to extreme extortion techniques, such as harassment of employees from victim firms who have not yet paid, he said.
In contrast to ransomware, cyber scams declined the most, and crypto scammers made $3.3 billion less this year than they did in 2022.
The market pullback is a key factor, but not the only one, according to Chainalysis.
"Transaction volumes are down across the board, but declines are much less severe for legitimate services, which have seen just a 28% drop in inflows. In other words, there's been a market pullback, but illicit crypto transaction volume is falling much more than legitimate crypto transaction volume," Chainalysis said.