A year ago, there seemed to be a glimmer of hope in the cybersecurity industry’s long-running war of attrition against ransomware gangs. Fewer corporate victims of those hackers, it seemed, had paid ransoms in 2022, and cybercriminals were earning less from their ruthless attacks. Perhaps the cocktail of improved security measures, increased focus from law enforcement, international sanctions on the ransomware operators, and scrutiny of the cryptocurrency industry could actually beat the ransomware scourge.
Well, no. That respite appears to have been a mere hiccup on ransomware’s trajectory to become one of the world’s most profitable, and perhaps the most disruptive, form of cybercrime. In fact, 2023 was its worst year ever.
On Wednesday, cryptocurrency-tracing firm Chainalysis published new numbers from its annual crime report showing that ransomware payments exceeded $1.1 billion in 2023, based on its tracking of those payments across blockchains. That’s the highest number Chainalysis has measured for a single year, and nearly twice as much as the year before. Indeed, the company now describes 2022’s relatively low $567 million in ransom payments as an “anomaly,” as total extortion transactions have steadily grown since 2020 towards their current 10-figure record.
“It’s like we’ve picked up right where we left off, the real onslaught during Covid in 2020 and 2021,” says Jackie Burns Koven, head of threat intelligence at Chainalysis. “It feels very gloves-off.”
That record-breaking $1 billion-plus in extortion payments was a result, in part, of the sheer number of ransomware attacks in 2023. Cybersecurity firm Record Future counted 4,399 ransomware attacks last year, based on news reports and ransomware gangs’ public listings of victims on their dark-web sites, a tactic the groups often use to pressure victims while threatening to release their stolen data. That’s compared to just 2,581 total attacks in 2022 and 2,866 in 2021.
The spike in the number of attacks appears to have offset a more positive trend: By some counts, fewer victims of ransomware are paying the ransoms that hackers demand. According to data from the incident response firm Coveware, which frequently negotiates with ransomware gangs on behalf of victims, only 29 percent of ransomware victims paid a ransom in the fourth quarter of 2023, a dramatic drop from payment rates between 70 percent and 80 percent for most of 2019 and 2020.
Even as fewer victims are paying, however, the total sum collected by ransomware gangs is nonetheless growing as more cybercriminals are drawn to a lucrative industry and carry out more attacks. Allan Liska, a threat intelligence analyst at Recorded Future, argues that the highly public nature of ransomware serves as a kind of advertising, constantly pulling in more opportunistic hackers, like sharks who smell blood in the water. “Everybody sees all these ransomware attacks,” Liska says. “Criminals tend to flock to where they see the money being made.”
Chainalysis notes that the record $1.1 billion in ransoms paid in 2023 was also driven by ransomware hackers demanding larger sums from victims, many of whom were carefully chosen for both their inability to tolerate a crippling attack and their ability to pay—what Chainalysis’ Burns Koven calls “big game hunting.” That resulted in close to 75 percent of ransomware payments’ total value coming from transactions topping the $1 million mark in 2023, compared to just 60 percent in 2021.