In 2023, ransomware payments surged to over $1.1 billion, a significant increase from previous years, indicating a highly profitable period for ransomware groups. This uptick reversed the decline observed in 2022 and surpassed the previous record set in 2021. Despite 2022 being considered a statistical anomaly due to geopolitical events and law enforcement actions, ransomware activity rebounded strongly in 2023.
Chainalysis’s report attributes the record-breaking ransomware payments to intensified attacks on major institutions and critical infrastructure, as well as the widespread impact of campaigns like Clop’s massive MOVEit campaign. The report also identifies prominent threat groups, including ALPHV/Blackcat, Clop, Play, LockBit, BlackBasta, Royal, Ransomhouse, and Dark Angels, which employed various strategies to maximize ransom payments.
Ransomware groups adapted to changing dynamics by adopting tactics like “big game hunting,” targeting large organizations for substantial ransom demands instead of numerous smaller victims. Additionally, some groups increased their attack frequency to compensate for fewer paying victims. Despite efforts by law enforcement to disrupt ransomware operations and a decline in victims opting to pay ransoms, 2023 remained profitable for ransomware gangs.
Moving forward, the report highlights the importance of continued vigilance and efforts to discourage ransom payments, emphasizing the need for victims to resist extortion demands. While there’s hope that the trend of refusing ransom payments will continue and potentially intensify, sustained collaboration and proactive measures are essential to combat ransomware effectively.