For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by.
Key Takeaway
Ransomware gangs made record profits in 2023, with known ransom payments almost doubling to surpass the
billion mark. The escalation in tactics and the absence of a ban on ransom payments contributed to this lucrative year for cybercriminals.
The Billion-Dollar Cybercrime Business
According to new data from crypto forensics startup Chainalysis, known ransomware payments almost doubled in 2023 to surpass the $1 billion mark, calling the year a “major comeback for ransomware.” This escalation in tactics, along with the fact that governments have stopped short of banning ransom payments, led to 2023 becoming the most lucrative year yet for ransomware gangs.
Record-breaking Ransoms
While more ransomware victims are refusing to line the pockets of hackers, ransomware gangs are compensating for this drop in earnings by increasing the number of victims they target. The MOVEit campaign, for example, saw the prolific Russia-linked Clop ransomware gang mass-exploit a never-before-seen vulnerability in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victim organizations.
Escalating Threats
As the ransom money dries up, ransomware and extortion gangs are upping the ante and resorting to escalating tactics and extreme threats. In December, hackers reportedly tried to pressure a cancer hospital into paying a ransom demand by threatening to “swat” its patients. Swatting incidents rely on malicious callers falsely claiming a fake real-world threat to life, prompting the response of armed police officers.
No Ban on Ransom Payments
Another reason ransomware continues to be lucrative for hackers is that while not advised, there’s nothing stopping organizations paying up — unless, of course, the hackers have been sanctioned. To pay or not to pay the ransom is a controversial subject. Ransomware remediator Coveware suggests that if a ransom payment ban was imposed in the U.S. or any other highly victimized country, companies would likely stop reporting these incidents to the authorities, reversing past cooperation between victims and law enforcement agencies.