Ransomware Payments Hit Record $1 Billion in 2023: Chainalysis

Hassan Shittu

Criminals made off with a staggering $1 billion in cryptocurrency ransomware payments in 2023, per the latest insights from Chainalysis’ 2024 “Crypto Crime Report.”

The report highlights a surge in sophisticated attacks targeting high-profile institutions and critical infrastructure, with significant supply chain breaches occurring through widely-used file transfer software MOVEit. Notable victims included household names like the BBC and British Airways, emphasizing the far-reaching impact of these cyber assaults.

Ransomware Payments Surge in 2023 Despite Previous Year’s Decline

The surge in ransomware payments in 2023 represents a stark reversal from the decline observed in 2022. The previous year’s decrease in ransomware activity was attributed to various factors, including geopolitical events such as the Russian-Ukrainian conflict, which shifted cyber actors’ focus towards politically motivated cyberattacks.

The FBI’s infiltration of Hive prevented approximately $130 million in ransom payments and significantly altered the ransomware landscape in 2022. Statistical models estimate that the Hive intervention may have averted at least $210.4 million in ransomware payments during the six months of FBI infiltration.

One contributing factor to the resurgence of ransomware in 2023 was the escalation in the frequency, scope, and volume of attacks. Various actors carried out these attacks, ranging from individuals and small criminal groups to large syndicates.

Chainalysis, drawing insights from cybersecurity firm Recorded Future, documented 538 new ransomware variants in 2023, illustrating the dynamic landscape of criminal strategies. The report sheds light on ransomware groups like CL0P, employing a “big game hunting” approach and leveraging zero-day vulnerabilities to extort large payments from deep-pocketed victims through data exfiltration.

Ransomware groups like Phobos are capitalizing on a lucrative business model called Ransomware-as-a-Service (RaaS). This scheme allows criminal affiliates access to sophisticated malware to execute attacks, with the core operators reaping a percentage of the ransom proceeds.

According to Chainalysis, this model primarily targets smaller entities with lower ransom demands, banking on the volume of smaller attacks to amplify financial gains.

Moreover, ransomware attackers are adept at rebranding and creating overlapping strains to distance themselves from past identifications linked to sanctions and law enforcement investigations. Chainalysis utilizes blockchain analysis to illustrate on-chain connections between wallets associated with ransomware strains.

Ransomware-as-a-Service Model Thrives as Cyber Threats Evolve

One significant contributing factor to high-impact ransomware incidents in 2023 was the exploitation of zero-day vulnerabilities. These attacks exploit security weaknesses in a company’s services, systems, products, or applications before developers can patch them.

An illustrative case of this was CL0P’s exploitation of the file transfer software MOVEit in 2023. MOVEit, widely used in IT and cloud applications, exposed the data of hundreds of organizations and millions of users. This campaign propelled CL0P to the forefront of the ecosystem, culminating in over $100 million in ransom payments in June and July 2023 alone, accounting for nearly half of the total ransomware value.

The proliferation of ransomware attacks was further enabled by the rise of Initial Access Brokers (IABs), who sell access to potential victims’ networks to ransomware attackers. Chainalysis discovered a correlation between funds flowing into IAB wallets and increased ransomware payments, suggesting that monitoring IABs could offer early indicators for potential intervention and mitigation of attacks.

The movement of ransomware funds provided insights into the methods and services used by threat actors for laundering proceeds. The combination of IABs and readily available Ransomware-as-a-Service (RaaS) platforms has lowered the technical barrier for conducting successful attacks, according to the findings of the on-chain sleuth firm.

While centralized exchanges and mixers remained popular, new services like bridges, instant exchangers, and gambling services saw increased adoption, possibly due to disruptions in preferred laundering methods and stricter AML/KYC policies.

According to the report, despite the challenges posed by ransomware, 2023 also saw significant victories in the fight against it, with collaboration between international law enforcement, affected organizations, cybersecurity firms, and blockchain intelligence. Proactive engagement from law enforcement agencies, exemplified by the Hive takedown and the disruption of BlackCat, demonstrated a stronger, more determined approach to aiding victims and tracking down cybercriminals.
