Ransomware payments soared in 2023 to a new record, says Chainalysis

Ransomware attacks grew larger in scope and more complex last year, resulting in record high payments that defy the previous year’s lull.

A recent analysis from blockchain data platform Chainalysis said that in 2023 people paid $1.1 billion worth of cryptocurrency for ransomware payments, the highest sum since at least 2019, when it was a “mere” $220 million. The 2023 figures stand in contrast to 2022’s $567 million, which had represented a sudden and unexpected drop.

Chainalysis said this shows that the previous year was more of an aberration than a new normal, fueled by geopolitical factors such as the ongoing Russian invasion of Ukraine. This conflict not only disrupted operations for certain actors, but also led the remaining ones to shift their focus from financial gain to politically motivated cyberattacks meant more to lift information and wreak havoc. Other factors at play included a reluctance among some western entities to pay ransoms to certain groups due to potential sanctions risks, as some are linked to Russian intelligence agencies. There were also successful high-profile operations against the Hive ransomware network.

This was only a temporary lull, however, as ransomware attacks have since come roaring back. There were 538 new ransomware variants in 2023, pointing to the rise of new, independent groups. Further, ransoms themselves were getting bigger; the analysis said that, lately, cybercriminals have preferred to go after a smaller number of higher value targets versus large numbers of low-value ones. This strategy, which is termed “big game hunting” in their world, had been growing more popular over the last few years and, over 2023, grew more popular still.

At the same time, the report also pointed to the rise of, effectively, ransomware-as-a-service type networks where outsiders known as affiliates can access the malware to carry out attacks, and in exchange pay the strain’s core operators a cut of the ransom proceeds. This means a lower barrier to entry for less sophisticated players, which means a much greater quantity of attacks can be launched.

The analysis also noted the rise of what are called Initial Access Brokers (IABs), who penetrate the networks of potential victims, then sell that access to ransomware attackers for as little as a few hundred dollars. There is a correlation between inflows to IAB wallets and an upsurge in ransomware payments, suggesting that monitoring IABs could provide early warning signs and allow for potential intervention and mitigation of attacks.

Finally, it became easier to launder ill-gotten cryptocurrency. While centralized exchanges and mixers have been a factor for a while, this year saw the embrace of new services for laundering, including bridges, instant exchangers, and gambling services. The analysis says this is likely because authorities have moved to step up enforcement against previously preferred methods.

“The ransomware landscape underwent significant changes in 2023, marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of RaaS strains and swifter attack execution, demonstrating a more efficient and aggressive approach. The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes,” said the Chainalysis report.



National Cyber Security