for many organizations 2023 was a tough year economically, with some companies struggling to raise funds and cutting staff to survive. Meanwhile, ransomware and extortion gangs had a record year of revenue, according to recent reports.
If you look at the current state of ransomware, that's not surprising. Over the past year, hackers have continued to evolve their tactics to become more sneaky and extreme in an attempt to pressure victims into paying increasingly exorbitant ransom demands. This escalation of tactics, and the fact that governments stopped short of banning ransom payments, made 2023 the most lucrative year for ransomware gangs yet.
Multi-billion dollar cybercrime business
Known ransomware payouts will nearly double to more than $1 billion in 2023, according to new data from crypto forensics startup Chaineries, calling the year “the great ransomware comeback.”
This is the highest number ever observed and nearly doubles the amount of known ransom payments tracked in 2022. However, Chainalysis said the actual number is likely much higher than the $1.1 billion in ransom payments confirmed so far.
However, there is some positive news. While 2023 was a bumper year for ransomware gangs overall, other hacker watchers observed a decline in payouts towards the end of the year.
This decline is due to improved cyber defenses and resilience, as well as a growing sentiment that most victim organizations do not trust hackers to keep their promises or delete stolen data as claimed. This is the result. According to ransomware remediation company Coveware, “This has resulted in better victim guidance and reduced intangible guarantee payments.”
Record-breaking ransom
While a growing number of ransomware victims refuse to line the hackers' pockets, ransomware gangs are compensating for this loss in revenue by increasing the number of victims they target.
Try the MOVEit campaign. In this massive hack, the prolific Russia-linked Clop ransomware gang exploited a slew of never-before-seen vulnerabilities in the widely used MOVEit Transfer software, resulting in over 2,700 victim organizations being compromised. Data was stolen from the system. Many of the victims are known to have paid money to hacker groups to prevent the release of sensitive data.
It's impossible to know exactly how much the ransomware group benefited from this mass hack, but Chainalysis said in a report that Klopp's MOVEit campaign resulted in more than $100 million in ransom payments. It said it accounted for almost half of the total ransomware received in June and July. 2023 is the peak of this mass hacking.
MOVEit wasn't the only campaign that made money in 2023.
Casino entertainment giant Caesars paid hackers about $15 million in September to prevent them from releasing customer data stolen in an August cyberattack.
This multi-million dollar payout probably shows why ransomware attackers continue to make huge profits. While the attack on Caesars made little news, the subsequent attack on hotel giant MGM Resorts (which has cost the company $100 million to recover so far) dominated headlines for weeks. After MGM refused to pay the ransom, the hacker leaked his MGM customer's sensitive data, including his name, social security number, and passport details. Caesars appeared largely unscathed, at least on the surface, even if, by its own admission, it could not guarantee that the ransomware gang would delete the company's stolen data.
escalating threat
For many organizations like Caesars, paying the ransom demand seems like the easiest option to avoid a public relations nightmare. But as ransom money dries up, ransomware and extortion gangs are raising the amount, resorting to escalating tactics and extreme threats.
In December, for example, hackers reportedly tried to coerce a cancer hospital into paying a ransom demand by threatening to “smash” patients. Swatting incidents rely on malicious callers faking fake real-world life threats, prompting armed police response.
We also saw the notorious Alphv (also known as BlackCat) ransomware gang weaponize the US government's new data breach disclosure rules against MeridianLink, one of the gang's many victims. did. Alphv accused MeridianLink of what the gang called a “serious breach of customer data and business information” and for allegedly not disclosing what it claimed was the gang's accomplishments.
Payment of ransom is not prohibited
Another reason why ransomware continues to be profitable for hackers is that, although it is discouraged, there is nothing stopping organizations from paying unless hackers are sanctioned.
To pay or not to pay a ransom is a controversial topic. Ransomware remediation firm Coveware believes that if ransom payment bans are imposed in the U.S. and other hard-hit countries, companies will stop reporting these incidents to authorities, and existing relationships between victims and law enforcement will be strengthened. This suggests that the cooperative relationship is likely to be reversed. The company also predicts that if ransom payments are banned, a large illegal market will form overnight to facilitate ransomware payments.
But some believe an outright ban is the only way to ensure ransomware hackers can't continue lining their own pockets, at least in the short term.
Allan Liska, a threat intelligence analyst at Recorded Future, has long opposed bans on ransom payments, but now as long as ransom payments are legal, cybercriminals will use any means necessary to collect the money. I think we will take the following steps.
“I've resisted the idea of a blanket ban on ransom payments for years, but I think that has to change,” Liska told TechCrunch. “Ransomware is getting worse, not just in terms of the number of attacks, but also the aggressiveness of the attacks and the groups behind them.”
“While banning ransom payments is painful and will likely lead to a short-term increase in ransomware attacks if history is any guide, it is the only way we can have long-term success on this issue. “The solution seems to be the “point,'' Liska said.
While more victims are realizing that paying hackers doesn't guarantee the safety of their data, it's clear that financially motivated cybercriminals aren't giving up their lavish lifestyles anytime soon. . Until then, ransomware attacks will continue to be a major money-making avenue for the hackers behind them.
Read more on TechCrunch: