09 Feb, 2024

Ransomware

Ransomware Payments Surpassed $1 Billion in 2023: Analysis
Article Image
The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. By Eduard Kovacs

The payments made by victims of ransomware attacks doubled in 2023 compared to the previous year, exceeding $1 billion, according to blockchain analysis firm Chainalysis.

The company has looked at the cryptocurrency wallets known to be used by cybercrime groups to receive ransom payments from victims and found a total of $1.1 billion, up from $557 million in 2022. 

It’s worth noting that these amounts are “conservative estimates” and they may increase as new cryptocurrency wallet addresses are identified. For instance, when it published its 2022 report, Chainalysis only identified $457 million in ransom payments, but that number has since gone up by $100 million. The number for 2021 increased from $766 million to $983 million over the past year.



It’s also worth pointing out that these figures only represent the actual ransom payments, not other damages suffered by companies hit by ransomware. 

Chainalysis highlighted in its report for 2022 that ransomware payments had dropped, attributing it to the increasing use of data backups, cyberinsurance policy changes, and fear of sanction violations. 



Now the company says 2022 was an anomaly, not a trend, and 2023 was a record high. 

“In 2023, the ransomware landscape saw a major escalation in the frequency, scope, and volume of attacks,” Chainalysis said.

The number of threat actors involved in ransomware attacks increased in 2023, with threat intelligence firm Recorded Future seeing 538 new ransomware variants. In addition, cybercriminals are making more money due to increasingly focusing on big game hunting, which involves targeting high-value organizations from which they can demand bigger ransom payments. 

Ransomware-as-a-service, where affiliates get many of the resources they need from the ransomware operators, has been making it increasingly easy to carry out attacks. In addition, initial access brokers (IABs) have also made it easier for cybercriminals to conduct data theft and file-encryption attacks.