Global ransomware payments topped $1B last year with Russia-based groups blamed for a resurgence in attacks as they stop focusing on Ukraine


The bad guys behind ransomware attacks clocked up over $1.1 billion in extorted winnings in 2023. So says Chainalysis, a blockchain data specialist with a particular interest in the subject given ransom payments are typically made in cryptocurrency.

News of 2023's peak could come as something of a surprise given that 2022 saw a significant dip in ransomware revenues, again according to Chainalysis. It estimates $567 million in payments in 2022, down from $983 million in 2021.

However, if you peruse Chainalysis's reasoning for the 2022 dip, the resurgence of ransomware in 2023 makes sense. It's thought one major reason for the 2022 downturn was the war in Ukraine.

Put simply, the bad guys were distracted away from generating cash for themselves in favour of politically motivated attacks in support of the Russian regime. In early 2022, for instance, the Russia-based ransomware group Conti reportedly issued a blog post expressing support for Putin's so-called special military operation and promising to strike at Russia's enemies with "all possible resources."

Another factor in 2022's dip was the FBI's success in infiltrating ransomware group Hive. Chainalysis estimates that through the recovery of decryption keys and other knock-on effects, over $200 million in payments were likely averted.

But as the war in Ukraine has shifted from acute conflict to attritional slog, it seems Russian ransomware operatives have found time to get back to their usual fare of ripping off as many people and companies as possible.

The increase in the use of zero-day exploits is also said to be a factor in 2023's huge uptick in ransomware revenues. Chainalysis says they're particularly effective not only because of the inherent vulnerabilities they present, but also because the victims may not use the compromised devices or software themselves.

"Zero-day exploits can be even more damaging if they affect software that is ubiquitous but not well-known to end users who are the ultimate victims of an attack, usually because the software is used primarily by vendors serving those end users," Chainalysis reckons.

A more recent trend is the shift towards high-value targets and away from large volumes of smaller ransom payments. In mid-2021, the balance between ransom payments of $1 million or more and all other payments was roughly 50:50. But by the end of 2023, the $1m-plus ransoms were approaching 80% of payments.

Where this all ends is anyone's guess. Chalk it up as yet more evidence of how chaotic life is becoming in the digital age. If AI doesn't kill us all directly, we'll either be poverty-stricken from all the ransomware payments or in a third world war sparked by social media-spread lies and AI-generated deepfakes.

Perhaps the only option is to stop reading the news. Except PC Gamer news, of course.

Jeremy Laird
Hardware writer
