It’s standard practice for ransomware gangs to request that victims pay ransom fees in cryptocurrency. Once purchased and transferred to a private wallet, cryptocurrency can be easily transferred without interference from financial institutions, regulators, or law enforcement. However, because blockchains are publicly accessible virtual ledgers, it is relatively easy to trace cryptocurrency transactions, except in the case of a few privacy-preserving currencies designed to obscure transaction details. By analyzing transactions on blockchains, investigators, both public and private, can track payments made to ransomware gangs.
Chainalysis has been conducting this sort of analysis and publishing its findings for multiple years in a row, and the company’s latest findings show that ransomware revenue in 2022 fell 40.3% compared to 2021. According to the blockchain analysis company, ransomware gangs extorted their victims of at least $766 million in 2021, which is significantly higher than the $457 million in ransomware payments Chainalysis identified in 2022.
What, then, explains this decrease in ransomware revenue? Chainalysis called on the expertise of various cybersecurity professionals and researchers to help answer this question. According to Allan Liska at Recorded Future, the monitoring of ransomware gangs’ dedicated leak sites (DLS) indicates a 10.4% drop in ransomware attacks in 2022 compared to the prior year. However, this 10.4% decrease in the number of ransomware attacks doesn’t fully explain the 40.3% drop in revenue collected by ransomware gangs.
Numbers provided by Bill Siegel of Coverware suggest that much of the decrease in ransomware revenue is likely the result of a growing unwillingness among ransomware victims to pay ransom fees. Between 2019 and 2022, Coverware observed the likelihood that ransomware victims pay ransom fees significantly decline from 76% to just 41%. In an attempt to explain the decline in ransomware victims willing to pay ransom fees, the experts consulted by Chainalysis pointed to increasing requirements by cyber insurance companies and threats by the US government to impose legal consequences for violating sanctions by paying ransomware groups. The threat posed by ransomware and security breaches in general has driven companies to seek cyber insurance. At the same time, cyber insurance companies have pushed their clients not to pay ransom fees and instead implement and rely on comprehensive backup systems.
We’ll have to see how well the trend identified by Chainalysis holds up over time, but the situation in the cyber threat space may be looking up on the ransomware front.