
Why ransomware gangs make so much money

For many organizations and startups, 2023 was a difficult year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record year for profits, if recent reports are anything to go by.

It's not surprising when you look at the state of the ransomware landscape. Last year, hackers continued to evolve their tactics to become more ruthless and extreme in their efforts to pressure victims into paying their increasingly exorbitant ransom demands. This escalation of tactics, coupled with the fact that governments have stopped short of banning ransom payments, led to 2023 becoming the most lucrative year yet for ransomware gangs.

The multi-billion dollar cybercrime business

According to new data from crypto forensics startup Chainalysis, known ransomware payouts nearly doubled in 2023 to surpass the $1 billion mark, with the firm calling the year a “major ransomware comeback.”

It's the highest figure ever and nearly double the number of known ransom payments in 2022. But Chainalysis said the real figure is likely much higher than the $1.1 billion in ransom payments that have been submitted so far.

However, there is a glimmer of good news. While 2023 was overall an excellent year for ransomware gangs, other hacker watchers noted a drop in payments towards the end of the year.

This drop is a result of improving cyber defenses and resilience, along with the growing sentiment that most victim organizations do not trust hackers to keep their promises or remove malware or stolen data as they claim. "This has led to better counseling for victims and fewer payments for intangible collateral," according to ransomware remediation company Coveware.

Unprecedented ransoms

While more ransomware victims refuse to line hackers' pockets, ransomware gangs are making up for this drop in profits by increasing the number of victims they target.

Take the MOVEit campaign, for example. In this massive attack, the prolific Russian-linked Clop ransomware gang mass-exploited a never-before-seen vulnerability in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victim organizations. Many of the victims are known to have paid the hacking group in an effort to prevent the publication of sensitive data.

While it's impossible to know exactly how much money the massive attack generated for the ransomware group, Chainalysis said in its report that Clop's MOVEit campaign racked up more than $100 million in ransom payments and accounted for nearly half of the entire value of the ransomware received in June and July 2023, during the height of this massive hack.

MOVEit was by no means the only profitable campaign of 2023.

In September, casino and entertainment giant Caesars paid approximately $15 million to hackers to prevent the disclosure of customer data stolen during a cyberattack in August.

This multimillion-dollar payout perhaps illustrates why ransomware actors continue to make so much money: The Caesars attack barely made the news, while a subsequent attack on hotel giant MGM Resorts (which has so far cost the company $100 million to recover from) dominated the headlines for weeks. MGM's refusal to pay the ransom led to hackers releasing sensitive data of MGM customers, including names, Social Security numbers, and passport details. Caesars, at least on the surface, seemed largely unscathed, even though, by its own admission, it couldn't guarantee that the ransomware gang would delete the company's stolen data.

Growing threats

For many organizations, like Caesars, paying the ransom demand seems like the easiest option to avoid a public relations nightmare. But as ransom money dries up, ransomware and extortion gangs are upping the ante and resorting to increasingly extreme tactics and threats.

In December, for example, hackers reportedly attempted to pressure a cancer hospital into paying a ransom demand by threatening to “swat” its patients. Swatting incidents are based on malicious calls that falsely claim a real-world threat to life, prompting a response from armed police officers.

We also saw the notorious Alphv ransomware gang (also known as BlackCat) weaponize the US government's new data breach disclosure rules against MeridianLink, one of the gang's many victims. Alphv accused MeridianLink of failing to publicly disclose what the gang called “a significant breach that compromised customer data and operational information,” for which the gang took credit.

No ban on ransom payments

Another reason ransomware remains lucrative for hackers is that, although it is not recommended, there is nothing stopping organizations from paying, unless, of course, the hackers have been sanctioned.

To pay or not to pay the ransom is a controversial issue. Ransomware remediator Coveware suggests that if a ban on ransom payments were imposed in the US or any other highly victimized country, companies would likely stop reporting these incidents to authorities, reversing past cooperation between victim companies and law enforcement agencies. The company also predicts that a ban on ransom payments would lead to the overnight creation of a large illegal market to facilitate ransomware payments.

Others, however, believe that a blanket ban is the only way to ensure that ransomware hackers can't continue lining their pockets, at least in the short term.

Allan Liska, a threat intelligence analyst at Recorded Future, has long opposed banning ransom payments, but now believes that as long as ransom payments remain legal, cybercriminals will do whatever it takes to collect them.

“I have resisted the idea of blanket bans on ransom payments for years, but I think that has to change,” Liska said. “Ransomware is getting worse, not only in the number of attacks but in the aggressive nature of the attacks and the groups behind them.”

“Banning ransom payments will be painful and, if history is any guide, will likely lead to a short-term increase in ransomware attacks, but it appears this is the only solution that has a chance of long-term success right now,” Liska said.

While more and more victims realize that paying hackers cannot guarantee the security of their data, it is clear that these financially motivated cybercriminals will not be abandoning their lavish lifestyles anytime soon. Until then, ransomware attacks will remain a major money-making exercise for the hackers behind them.
