3 min read
Ransomware payments hit an all-time high of 1.1 billion USD in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.
In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.
Still, it’s not all roses for ransomware gangs. Many top-tier groups are struggling to adapt to talent scarcity, Russia-Ukraine war fatigue and repeated disruptions by law enforcement. Let’s take a look at the state of ransomware security today.
In 2023, ransomware actors staged a major comeback. This included record-breaking payments and a substantial increase in the scope and complexity of attacks, according to a recent Chainalysis report.
In 2022, a major drop in attacks led to a 416 million USD decline in ransoms paid (a total of 567 million USD) compared to 2021. But in 2023, ransomware attacks surged to establish a new record in ransoms paid at 1.1 billion USD.
As per Chainalysis, reasons for the 2022 decline include the Ukraine War, as some cyber actors diverted their actions toward political motives rather than financial ones. Another factor includes an increasing trend of victims’ reluctance to pay ransoms. Finally, the takedown of ransomware groups, such as the massive Hive variant, also put a damper on malicious activity in 2022.
Meanwhile, factors that contribute to the growing total ransomware payments seen in 2023 include:
Although the dollar totals are rising, some ransomware groups have actually been struggling lately. According to Marley Smith, Principal Threat Researcher at RedSense, many RaaS groups must recruit highly skilled (and scarce) contractors to access the penetration testing talent required to carry out attacks against large targets. “Things are just getting increasingly complex and almost desperate in terms of the ability to continue operations,” Smith said.
Meanwhile, Yelisey Bohuslavskiy, Co-Founder and Chief Research Officer at RedSense, says that many ransomware practitioners live “really traumatized” lives due to the Russia-Ukraine war. “The top-tier ransomware groups consist of Russians, Belarusians and Ukrainians, and half of them are now in this very strange situation when they still know each other and chat constantly. But their countries are at war, and they need to figure out how to work together while being at war.”
Industry newsletter
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.
Winning the war against ransomware requires the right technology as well as a collaborative effort between law enforcement, product makers and organizations. If companies don’t do their part, such as being alert for social engineering attacks and phishing attempts, it’s impossible to stop ransomware. But things are changing. Enterprises are no longer getting completely devastated by data encryption attacks. And it’s not uncommon for victims to recover their ransomware payments.
In 2021, the U.S. Treasury established reporting requirements that victims of ransomware should follow. As per Coveware, after these guidelines were released, completing due diligence before any payment has become a normal best practice within the incident response industry. Reporting was also not a regular best practice until after the release of the guidelines. The U.S. Treasury guidelines sparked an increase in reporting to law enforcement. They also created a diligence framework and standard for how victims could avoid paying a sanctioned actor.
Many entities, including IBM, strongly advise against paying ransomware. Instead, follow best practices, check out IBM’s Definitive Guide to Ransomware and keep your shields up.
