For most organizations and start-ups, the fiscal year of 2023 proved to be an arduous journey. Numerous businesses faced hardship on the financial front, engaging in tight-budget maneuvers like making cuts just for survival and struggling to pull investments. Equivalently, for finance-driven cybercriminals, particularly ransomware and extortion gangs, earnings reached a record-breaking milestone in 2023 according to recent report estimates.
This exponential increase in earnings can be partly attributed to hackers’ progressively evolved strategies, designed to extort a more hefty ransom from their victims. While governments didn’t impose an absolute ban on ransom payouts, the absence of any regulations further contributed to the hefty earnings of ransomware gangs, making 2023 their most lucrative year to date.
A startup specialized in crypto forensics: Chainalysis, presented data stating that the payments made for ransomware in 2023 had almost doubled compared to the previous year, crossing the $1 billion threshold, making 2023 a year of significant recovery for ransomware activities. However, the actual figures may be considerably higher than the $1.1 billion in ransom tracked by Chainalysis.
Although 2023 seems to be overwhelmingly positive for ransomware gangs’ financial health, the observation of a descent in ransom payments towards the closing months of the year poses a bright spot. This dip likely owes its existence to advancements in cyber defense and resilience, coupled with the increasing lack of trust toward cybercriminals on part of victim organizations. Many victims prefer not to pay because they do not believe promises that the hackers would delete stolen data.
Interestingly, the decline in victims yielding to ransom demands is offset by an upswing in the number of targets for ransomware gangs. For instance, the MOVEit campaign, orchestrated by Russian-linked Clop ransomware gang, exploited a novel vulnerability in the widespread MOVEit Transfer software. This enabled them to extract data from more than 2,700 victimized organizations. Chainalysis spotted a considerable payout, over $100 million during June and July 2023, by many victims to prohibit the hackers from leaking their critical data.
Despite the improving resilience, some companies still choose to pay the demanded ransom to prevent public damage to their reputation. With the declining income from ransom, ransomware and extortion gangs are amplifying their threats. Reports surfaced of hackers, in December, attempting to force a cancer hospital to meet their ransom demands by using a new tactic known as “swatting”.
Currently, no regulation on making ransom payments exist, making ransomware a popular choice among cybercriminals. While Coveware suggests a potential obverse shift in cooperation between authorities and victims if a ransom payment ban were to be enforced, some experts disagree. Allan Liska, from Recorded Future, argues that only a blanket ban can halt the filling of these cybercriminals’ wallets.
Year after year, the aggressive assault by financially motivated cybercriminals continues to escalate. As long as ransom payments are allowed, cybercriminals will remain zealous in their pursuit of taking advantage of weaknesses in the cyber world, even as more victims learn that paying the ransom doesn’t guarantee their stolen data’s safety.