Skip to content

Illustration by iStock; Security Management

Global Ransomware Payments Reached $1.1B in 2023

Ransomware payments are back with a vengeance. After a notable decrease in payments in 2022 (from $983 million to $567 million), cryptocurrency tracing firm Chainalysis found that ransomware attackers received $1.1 billion from their victims in 2023—the highest number ever observed.

“Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem,” a Chainalysis report said. “Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over $100 million.”

Chainalysis also noted that its figures are likely conservative estimates because tracking payments made in cryptocurrencies is challenging and takes time. The 2022 figure was revised up 24 percent last year as more information became available, for instance.

Why was 2022 a slow year for ransomware, though? Chainalysis cites a variety of factors, including the Russian war in Ukraine, which “disrupted the operations of some cyber actors but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.”

The year 2023 also brought significant transformations to ransomware, with a 49 percent increase in victims reported by ransomware leak sites, according to analysis by Palo Alto Networks. The surge of activity was driven by a variety of high-profile vulnerabilities and related zero-day exploits, which drove spikes in ransomware infections before defenders could update vulnerable software. At least 25 new ransomware groups emerged in 2023, indicating that ransomware is still an attractive and profitable criminal activity, the analysis said.

Leak site data indicated that manufacturing was the most affected industry by ransomware in 2023, followed by professional and legal, high-tech, and wholesale and retail organizations. Although ransomware is a global challenge, organizations based in the United States were primary targets; 47 percent of ransomware leak site posts in 2023 focused on U.S. victims.

The news isn’t all bad, though. A variety of ransomware groups didn’t make it through 2023, whether they were targeted by law enforcement or folded due to inexperienced actors.

“The crucial role played by international law enforcement agencies in 2023 cannot be overstated,” Palo Alto Networks noted. “Their increased collaborative efforts led to major successes in disrupting ransomware operations. These actions include providing decryption keys to victims, seizing infrastructure and arresting key threat actors. Law enforcement efforts destabilized notable ransomware groups and prevented them from earning as much money. The results forced affiliates to abandon these groups and seek more profitable alternatives.”

Learn more about cryptocurrency, ransomware, and money laundering in Security Management’s August 2023 coverage.