For many organizations and startups, 2023 has been a tough year financially, with companies struggling to raise money and others cutting back to survive. On the other hand, ransomware and extortion gangs had a record year for profits, if recent reports are anything to go by.
It’s not surprising when you look at the state of the ransomware landscape. Last year saw hackers continue to evolve their tactics to become tougher and more extreme in their efforts to pressure victims into paying their increasingly exorbitant ransom demands. This escalation of tactics, along with the fact that governments stopped banning ransom payments, led to 2023 becoming the most lucrative year for ransomware gangs.
The billion dollar cyber crime business
According new data from crypto forensics startup Chainalysisknown ransomware payouts nearly doubled in 2023 to surpass the $1 billion mark, calling the year a “big comeback for ransomware.”
That’s the highest number ever seen and nearly double the amount of known ransom payments recorded in 2022. But Chainalysis said the real number is likely much higher than the $1.1 billion in ransom payments it has seen so far moment.
However, there is a glimmer of good news. While 2023 was generally a critical year for ransomware gangs, others hacker-watchers noticed a drop in payouts towards the end of the year.
This decline is a result of improved cyber defenses and resilience, along with a growing sentiment that most victim organizations do not trust hackers to keep their promises or delete any stolen data they claim. “This has led to better guidance to victims and fewer payments for intangible safeguards,” according to ransomware recovery company Coveware.
Ransom record
While more ransomware victims refuse to line the hackers’ pockets, ransomware gangs compensate for this decrease in profits by increasing the number of victims they target.
Take the MOVEit campaign. This massive hack saw the prolific Russian-linked Clop ransomware gang massively exploit a never-before-seen vulnerability in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victim organizations. Many of the victims are known to have paid the hacking group in attempts to prevent the publication of sensitive data.
While it’s impossible to know exactly how much money the massive hack generated for the ransomware group, Chainalysis said in its report that Clop’s MOVEit campaign raised over $100 million in ransom payments and accounted for nearly half of the total value of ransomware received in June and July. 2023 at the height of this massive hack.
MOVEit was by no means the only money-making campaign of 2023.
In September, casino and entertainment giant Caesars paid about $15 million to hackers to prevent the disclosure of customer data stolen during a cyber attack in August.
This multimillion-dollar payout perhaps shows why ransomware actors continue to make so much money: the Caesars attack just hit the news, while a subsequent attack on hotel giant MGM Resorts — which has so far cost the company $100 million for to recover – dominated the headlines for weeks. MGM’s refusal to pay the ransom led to the hackers releasing sensitive MGM customer data, including names, social security numbers and passport information. Caesars – outwardly at least – appeared largely unscathed, even if by its own admission it could not guarantee that the ransomware gang would delete the company’s stolen data.
Escalating threats
For many organizations like Caesars, paying the ransom demand seems like the easiest option to avoid a public relations nightmare. But as ransom money dries up, ransomware and extortion gangs are increasing interest and resorting to escalating tactics and extreme threats.
In December, for example, Hackers reportedly tried to pressure a cancer hospital into paying a ransom demand threatening to “stomp” her patients. Swatting incidents are based on malicious callers falsely claiming a fake real life threat, prompting the response of armed police officers.
We also saw the infamous Alphv (aka BlackCat) ransomware gang weaponize the US government’s new data breach disclosure rules against MeridianLink, one of the gang’s many victims. Alphv accused MeridianLink of allegedly failing to publicly disclose what the gang called a “significant breach that compromised customer data and operational information,” for which the gang took credit.
No ban on paying ransom
Another reason why ransomware continues to be profitable for hackers is that, although it is not being updated, there is nothing stopping organizations from paying – unless, of course, the hackers have been sanctioned.
To pay or not to pay the ransom is a controversial issue. Remediator ransomware Coveware suggests that if a ransom payment ban were imposed in the US or any other high-victimization country, companies would likely stop reporting these incidents to authorities, reversing the past cooperation between victims and law enforcement. The company also predicts that banning ransom payments will lead to the creation of a large illegal market for facilitating ransomware payments.
Others, however, believe that a blanket ban is the only way to ensure that ransomware hackers can’t continue to line their pockets — at least in the short term.
Allan Liska, threat intelligence analyst at Recorded Future, has long opposed a ban on ransom payments – but now believes that as long as ransom payments remain legal, cybercriminals will do whatever it takes to collect them.
“I’ve resisted the idea of blanket bans on ransom payments for years, but I think that needs to change,” Liska told TechCrunch. “Ransomware is getting worse, not only in the number of attacks, but also in the aggressive nature of the attacks and the groups behind them.”
“A ban on ransom payments will be painful and, if history is any guide, will likely lead to a short-term increase in ransomware attacks, but this appears to be the only solution that has any chance of long-term success at this point,” Liska said.
While more victims are realizing that paying hackers can’t guarantee the safety of their data, it’s clear that these financially motivated cybercriminals aren’t giving up their lavish lifestyles anytime soon. Until then, ransomware attacks will remain a major profit-making exercise for the hackers behind them.
Read more at TechCrunch:
