Ransomware Payments Declined in 2022 as Victims Get Tougher and Smarter, Chainalysis Report Shows

By Matthew Leising

Is the tide turning on cybercriminals?

News
Ransomware Payments Declined in 2022 as Victims Get Tougher and Smarter, Chainalysis Report Shows

Cybercrime victims are getting tougher and smarter as the amount of ransomware money paid in 2022 fell by 40.3 percent, according to new research by blockchain forensics firm Chainalysis.

Data from cybersecurity firm Fortinet showed the total number of ransomware attacks topped 10,000 in the first half of 2022, yet the amount of cryptocurrency paid declined as more victims refused, according to Chainalysis. For money laundering purposes after attackers do collect ransom from their victims, Chainalysis said the majority of those digital funds were sent to “mainstream, centralized exchanges.” A high of $766 million was extorted by ransomware in 2021 with that total falling to $457 million last year, Chainalysis said. (The total will likely increase as more illicit wallets are uncovered.)

source: Chainalysis

“The trend is clear: Ransomware payments are significantly down,” Chainalysis said. “However, that doesn’t mean attacks are down, or at least not as much as the drastic drop off in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”

The ransomware report follows findings released last week that cryptocurrency activity associated with illicit activity has risen for the first time since 2019, from 0.12% in 2021 to 0.24% in 2022, or a miniscule amount in the grand scheme of things.

The section is part of the firm’s larger 2023 Crypto Crime Report, which will be released next month. It reads in parts as revealing and in others as darkly comic. For example, Ransomware-as-a-Service (Raas) has become a thing in recent years, “in which the developers of a ransomware strain allow other cybercriminals, known as affiliates, to use the administrator’s malware to carry out attacks in exchange for a small, fixed cut of the proceeds.” Glad to see the crooks are paying attention to SaaS modeling, those uppity bastards.

On the other hand, it seems politics and some kind of weird ethics may effect how ransomware gangs succeed or fail. One such victim was a ransomware gang known as Conti, which took in more loot than any other in 2021.

“In February, immediately following Russia’s invasion of Ukraine, the Conti team publicly announced its support for Vladimir Putin’s government,” the report said. “Soon after, a cache of Conti’s internal communications leaked, and indicated connections between the cybercrime organization and Russia’s Federal Security Service (FSB).” That led many of Conti’s victims to not pay it because the FSB is a sanctioned entity and in May, Conti shut down.

source: Chainalysis

It also appears that cyber insurance firms are having a positive impact on reducing ransomware attacks by ensuring their policyholders have strict protocols in place.

“Today, companies have to meet stringent cybersecurity and backup measures to be insured for ransomware coverage,” said Michael Phillips, chief claims officer of cyber insurance firm Resilience, according to the Chainalysis report. “These requirements have proven to actively help companies bounce back from attacks rather than pay ransom demands.” 

In the past three years the percentage of companies that fall victim to ransomware that end up paying off their attackers has fallen dramatically, according to Bill Siegel of Coveware, who provided Chainalysis with statistics. “The trend is highly encouraging — since 2019, victim payment rates have fallen from 76% to just 41%,” Chainalysis said. “One big factor is that paying ransoms has become legally riskier, especially following an OFAC advisory in September 2021 on the potential for sanctions violations when paying ransoms.”