Ransomware payments saw a significant decline of over 40% in 2022 compared to the previous year, as reported by Chainalysis in their latest findings. The blockchain analysis firm revealed that ransomware attackers managed to extort $456.8 million from victims in 2022, a notable drop from $765.6 million in 2021 and $765 million in 2020. Although these figures may not reflect the complete picture due to unidentified cryptocurrency addresses controlled by ransomware attackers, the trend of decreasing ransomware payments is evident.
Jackie Koven, head of cyber threat intelligence at Chainalysis, expressed surprise and optimism at the declining trend in ransomware payments. She stated, “After two years of growth in terms of ransomware revenue, we were surprised and encouraged to see that payments are decreasing. We hope to see this trend continue in 2023.”
One of the primary reasons for the reluctance of victim organizations to pay ransom demands is the increasing government pressure and implications associated with making such payments. Following the Russia-Ukraine conflict, where many ransomware gangs were linked to the Russian state, organizations became wary of paying extortion demands. For instance, Conti, a ransomware group that publicly supported the Kremlin’s invasion, faced repercussions when internal data leaks revealed its ties to Russia’s Federal Security Service (FSB). The sanctions imposed on entities like the FSB have made ransom payments riskier for victims.
Moreover, governments have taken steps to make ransom payments legally precarious, without outlawing them entirely. The US government has issued advisories warning organizations about the consequences of paying cyber actors operating under economic sanctions. Additionally, cyber insurance has played a significant role in organizations refraining from making ransom payments. Insurance firms are becoming stricter in covering ransom payments and are demanding enhanced cybersecurity measures from their clients to mitigate the risk of ransomware attacks.
The evolving tactics of ransomware gangs have also contributed to the changing landscape of ransomware attacks. Despite the decrease in revenue, the number of unique ransomware strains in operation surged in 2022. However, a small group of strains received the majority of ransomware revenue. Threat actors are constantly rebranding ransomware strains to evade detection, with the average lifespan of a ransomware strain decreasing significantly in 2022. Furthermore, cyber-criminals are shifting towards exfiltration-based extortion strategies to coerce organizations into paying up.
The report also highlighted the thriving ransomware-as-a-service (RaaS) model, where developers provide affiliates with malware to carry out attacks in exchange for a share of the proceeds. This model is expected to continue in 2023, fueling the underground economy that facilitates ransomware attacks. Overall, the findings indicate a positive trend towards reducing ransomware payments through a combination of government pressure, stricter insurance policies, and evolving cybercrime tactics.