Chainalysis Reports Significant Increase in Ransomware Payments


Ransomware gangs have managed to rake in millions of dollars through their attacks, despite a decline in the encryption of victims’ data. Cryptocurrency analytics firm Chainalysis revealed in a recent study that ransomware actors extorted at least $449.1 million in the first half of this year alone, which is a significant increase of $175.8 million compared to the same period in 2022. While other forms of cybercrime, such as scams, have seen a decline of 65% in illicit payments this year, ransomware payments have surged.

The rise in total ransomware payments comes after Chainalysis observed a notable decrease in ransomware payments in 2022, dropping from $766 million in 2021 to $457 million. The company attributed the decline to fewer victims choosing to pay the ransom, as well as the impact of law enforcement actions and sanctions against cryptocurrency exchanges that facilitate ransomware payments and other illicit activities.

Chainalysis explained in its report that the resurgence of big game hunting, which involves targeting large organizations with deep pockets for ransomware attacks, has contributed to the reversal in fortune for ransomware gangs. Additionally, the number of successful small attacks has also grown, further boosting the cybercriminals’ profits.

The report also mentioned the influence of Russia’s invasion of Ukraine in February 2022 on the decline in ransomware payments and overall threat activity last year. The conflict likely displaced ransomware operators and diverted their focus away from financially motivated cyber intrusions, according to Chainalysis.

Kivu Consulting, a cybersecurity firm based in Berkeley, California, supported Chainalysis’ findings, reporting a sharp increase in ransomware payments in 2023. Andrew Davis, Kivu’s general counsel and risk officer, noted that his company had observed extremely high initial demands this year, along with increasingly aggressive extortion tactics employed by ransomware gangs. These tactics include harassment of organizations’ employees, which may be a response to the decline in victims opting to pay ransoms.

Chainalysis also highlighted the activities of prominent ransomware groups like Clop and Black Basta. These well-established gangs, known for being selective with their targets, have been particularly active this year. They have shifted their focus toward larger organizations to secure bigger payouts. Clop, for instance, recorded the highest average ransomware payment of $1,730,486, along with a median payment of $1,946,335 among the listed ransomware groups.

Recently, the Clop ransomware gang attracted attention by launching extortion attacks on organizations using Progress Software’s MOVEit Transfer product. Exploiting a zero-day vulnerability in MOVEit Transfer, a threat actor associated with Clop breached numerous customers and stole confidential data without deploying ransomware. Although Clop listed over 250 victims on its data leak site, it remains unclear how many victims have actually paid ransoms and in what amounts.

This incident highlights a growing trend in the threat landscape, where cybercriminals are opting to steal and extort sensitive data without resorting to ransomware. Security vendors, such as CrowdStrike, have observed a noticeable shift toward malware-free data theft attacks. Attackers are employing this strategy to evade improved threat detection technologies and stronger enterprise security measures.

Chainalysis focused on tracking overall cryptocurrency payments to specific ransomware groups, so it is unknown how many attacks involving only data theft have resulted in extortion payments. Nonetheless, the staggering amounts extorted by ransomware gangs indicate that they continue to pose a significant threat to organizations and their data security.
