According to a report by the cryptocurrency research firm Chainalysis, victims of hacking attacks paid a record $1.1 billion to assailants in 2023, marking a significant increase from the previous year. The report highlighted a resurgence of ransomware attacks, with cyber criminals targeting a wide range of organizations, including hospitals, schools, and major corporations.
In 2022, the total payments to criminal gangs following hacking attacks amounted to $567 million, indicating a significant increase in ransom payments in 2023. The report noted that “big game hunting” had become a feature of attacks, with a greater share of ransom payments exceeding $1 million as wealthier entities were targeted.
Ransomware attacks typically involve hackers infiltrating a target’s computer system and paralyzing it with malware, which encrypts files and makes them inaccessible. A new trend in attacks involves assailants extracting data from the IT system, such as staff or customer details, and demanding payment to unlock the files or delete their copy of the stolen data.
The report attributed the increase in ransom payments in 2023 to various factors, including the disruption of several ransomware groups in the previous year. One major hacker group, Conti, disbanded amid internal upheaval after an anonymous leaker sympathetic to Ukraine released 60,000 internal messages. Additionally, the FBI disrupted the Hive ransomware group by capturing its decryption keys and preventing victims from making $130 million in ransom payments.
Chainalysis also cited research showing a growth in the number of attackers and ransomware variants in 2023. According to cybersecurity firm Recorded Future, there were 538 new ransomware variants last year, indicating the emergence of new, independent groups. The emergence of new players such as the Clop group, responsible for the hack of the payroll provider Zellis, has further contributed to the increase in ransomware attacks.
The growth of “ransomware as a service,” in which malware is leased to criminals in exchange for a portion of the proceeds, has also fueled the rise in ransomware activity. Additionally, “initial access brokers” who sell vulnerabilities in the networks of potential targets to ransomware attackers have contributed to the increase in attacks.
Experts in the cybersecurity field have warned that the increase in ransomware attacks is expected to continue in 2024, with a continued focus on mass data exfiltration by threat actor groups. This trend holds the potential for even higher ransom payments by impacted companies.
Overall, the resurgence of ransomware attacks in 2023, coupled with the increase in ransom payments, highlights the growing threat posed by cyber criminals to organizations of all sizes. As the cyber landscape continues to evolve, it is crucial for businesses and institutions to prioritize cybersecurity measures to protect themselves against these increasingly sophisticated threats.