After a slow 2022, ransomware attacks and their payments almost doubled in 2023, hitting $1.1 billion compared to 2022’s $567 million. Major institutions like hospitals, schools, and even government agencies were all victims of the rising number of cases.
Ransom payments considerably fell in 2022 compared to 2020 and 2021 when these miscreants had managed to make $905 million and $983 million respectively.
The year of 2022 brought a ray of hope. Fewer attacks and ransoms led us to believe that all the investments in high-tech security tools, better laws and improved practices of the cybersecurity industry were finally catching up.
And this is just an estimation of the amount lost in extortion. The cost of damages and productivity loss makes the overall impact of these attacks even more serious.
But all that changed when Chainanalysis, a crypto-tracing firm, released a report of the total attacks and income made by ransomware gangs in 2023. And now it’s assumed that the statistics of 2022 were just an anomaly, probably influenced by other geo-political factors like the Russia-Ukraine war or the government breaking down the Hive Operation.
If you keep 2022 aside, it’s clearly evident that cyberattacks have been continuously increasing since 2019.
The numbers aren’t all too surprising. Chainanalysis had warned in July 2023 that the rate at which ransomware attacks were happening (up until July), might break all previous records by the end of the year. And unfortunately, that’s what happened.
Who Were The Top Attacks In 2023?
Out of the thousands of malicious cybercrime gangs, the ones that stood out include Clop, LPHV/Blackcat, LockBit, Play, BlackBasta, Ransomhouse, Royal and Dark Angels
A pattern has also been observed in how these gangs make their money. For example, Phobos’s payments are comparatively lower but the frequency of their attacks is very high. On the other hand, Clop and Dark Angels take larger median payments but the frequency of these extortions is low.
However, according to the attack trends, cyber crimes are about to take a grave turn as these ransomware groups focus more on a “big-game hunting” strategy.
This means that every notable group will follow in the footsteps of Clop and reduce their attack frequency by targetting big corporations that can pay larger ransoms.
Another popular technique used by these hacker groups is ransomware-as-a-service (RAAS). Under this, affiliates can use the strain to carry out attacks and the core operators of the strain will get a cut.
What makes this technique so dangerous is that it simplifies the process of hacking, so now even the miscreates who are not very technically sound can carry out major attacks. Currently, ransomware groups ALPHV-BlackCat and Phobos are known to use this technique.
The biggest concern here is also the drastic increase in ransomware variants.
A major thing we’re seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks.Allan Liska, cybersecurity expert
This statement is backed by the fact that his firm found 583 new independent ransomware groups in 2023.
Why Is It Getting Harder To Catch These Gangs?
The number one reason why these gangs are able to avoid detection is through rebranding. When a strain is publicly recognized and sanctioned, they simply rebrand the strains which allows them to operate as usual while distancing themselves from the sanctioned strains.
Affiliates avoid detection by frequently switching strains or using multiple strains. Anytime a strain falls under the radar of the authorities, they move to another one.
Fortunately, recent developments in the tech industry have paved the way for blockchain analysis to identify strain rebrands. However, the frequency of rebranding still poses a major hindrance in this process.
The only silver lining here is there has been a steep increase in the number of victims refusing to give in to the blackmail. While this might not be enough to eradicate cybercrimes, it’s still a positive step.