It seems that 2023 provided a renaissance of sorts for ransomware, as a new report claims diverse strategies among threat actors, and a shift in the threat landscape, resulted in record-breaking extortion sums.
New findings from Chainalysis claim that after a dip in 2022, ransomware gangs surpassed a historic milestone last year by extorting over $1 billion in cryptocurrency payments from victims.
The company says there are multiple factors that contributed to this infamous milestone. First, the Russo-Ukrainian war helped contribute to the decrease in ransomware activities observed in 2022. Another reason was FBI’s impactful intervention, as the law enforcement agency successfully infiltrated the Hive ransomware group and prevented more than $210 million in ransom payments to be made.
Positioning for action
However in 2023, the ransomware landscape evolved, with attacks growing more complex and bigger in scope, the report adds.
The threat actors increasingly utilized zero-day vulnerabilities in their attacks, with the notable example of Cl0p exploiting the MOVEit zero-day. Also, they diversified their strategies, and included “big game hunting” – going after high-profile institutions and critical infrastructure organizations worldwide, capable of making significant payments. Among the victims, Chainalysis singled out the BBC and British Airways.
The hackers also developed Ransomware-as-a-Service (RaaS) models that allowed low-skilled affiliates to run devastating ransomware attacks, as well.
Finally, the ransomware ecosystem is fluid, with groups constantly rebranding, or overlapping strain usage. New threat actors emerge almost daily, successfully adapting to regulatory changes and law enforcement actions.
Chainalysis finished its report on a positive note, though, saying that international law enforcement, affected organizations, cybersecurity firms, and blockchain intelligence successfully collaborated to combat ransomware. Victories, such as the Hive takedown and BlackCat disruption, showcased a stronger, more determined approach to aiding victims and tracking down cybercriminals.