2022 was generally seen as a down year for ransomware.
CrowdStrike saw the average ransom payment drop from $5.7 million in 2021 to $4.1 million in 2022; Mandiant said it responded to 15% fewer ransomware incidents in 2022 than the previous year.
While 2022 saw various declines on the ransomware front, experts cautioned that reality was more complicated than the numbers suggested.
2022 saw a significant number of threat actors pivot from ransomware attacks to data extortion-only attacks, in which cybercriminals stole data in the hopes of getting paid without encrypting victim networks.
Another factor was that Russia's invasion of Ukraine pulled at least some attention away from financially motivated cybercrime and toward politically motivated attacks.
Chainalysis on Wednesday published a blog post detailing new research and observations regarding ransomware trends last year.
According to the company, ransomware payments reached $1.1 billion in 2023 - the highest ever recorded - compared to $567 million in 2022 and $983 million in 2021.
In January 2023, the U.S. Department of Justice announced that the FBI completed a months-long infiltration of the Hive ransomware gang, in which the agency managed to prevent victims from paying $130 million in ransomware payments.
2023 featured an expansion of ransomware-as-a-service as well as several big game attacks.
Perhaps the most infamous example of large-scale extortion activity was Clop's massive campaign against customers of Progress Software's managed file transfer product MoveIt Transfer beginning in May of last year.
The Clop gang utilized a zero-day vulnerability in the product and launched many data extortion attacks against customers.
Chainalysis said that since Clop's campaign began, the gang received more than $100 million in ransom payments, which represented 44.8% of all ransomware value received in June and 39% in July.
Wednesday's report provided a more detailed view of previous research from Chainalysis.
Chainalysis found a decrease in cryptocurrency scamming and hacking but warned that ransomware activity for the year had risen and reversed the sharp decline observed in 2022.
Jacqueline Burns Koven, head of cyber threat intelligence at Chainalysis, told TechTarget Editorial that the key to making long-term progress is disrupting the entire ransomware supply chain, which includes developers, affiliates, infrastructure service providers, launderers and cash-out points.
Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.
This Cyber News was published on www.techtarget.com. Publication date: Wed, 07 Feb 2024 20:13:04 +0000