Ransomware payments soared in 2023 to a new record, says Chainalysis

Ransomware attacks grew larger in scope and more complex last year, resulting in record high payments that defied the previous year’s lull.

A recent analysis from blockchain data platform Chainalysis found that in 2023 people paid $1.1 billion worth of cryptocurrency in ransomware payments, the highest sum since at least 2019, when it was a “mere” $220 million. The 2023 figures stand in contrast to 2022’s $567 million, which represented a sudden, unexpected drop.

Chainalysis said this shows the previous year was more of an aberration than a new normal, fueled by geopolitical factors such as the Russian invasion of Ukraine. The conflict not only disrupted operations for certain actors, but also saw the remaining ones shift their focus from financial gain to politically motivated cyberattacks that steal information and wreak havoc. Other factors at play included a reluctance among Western entities to pay ransoms to groups due to potential sanction risks, as some are linked to Russian intelligence agencies. There were also successful high-profile operations against the Hive ransomware network.

This was only a temporary lull, however, as ransomware attacks have since come roaring back. There were 538 new ransomware variants in 2023, pointing to the rise of new, independent groups. Ransoms have also been growing bigger; the analysis found that cybercriminals have increasingly preferred to go after a smaller number of higher-value targets rather than large numbers of low-value ones. This strategy, which is termed “big game hunting” in their world, had been growing more popular over the last few years and, over 2023, grew more popular still.

The report also pointed to the rise of what are effectively ransomware-as-a-service networks, where outsiders known as affiliates can access the malware to carry out attacks and, in exchange, pay the strain’s core operators a cut of the ransom proceeds. This lowers the barrier to entry for less sophisticated players, which means a much greater quantity of attacks can be launched.

The analysis also noted the rise of what are called initial access brokers, who penetrate the networks of potential victims, then sell that access to ransomware attackers for as little…