Revenue for cybercrime gangs declines as victims decline to pay

According to analysts, victims are refusing to pay ransoms, which has resulted in a 40% decline in revenue for cybercrime groups.

Ransomware gangs demanded at least $457 million (£370 million) from victims in 2022, according to cryptocurrency analysts at Chainalysis – $311 million less than the previous year.

The actual numbers are probably higher, but experts concur that there are fewer victims making payments.

The number of attacks is increasing, despite the decline in illicit revenue.

Hackers using ransomware frequently target businesses, governments, educational institutions, hospitals, and even more, locking off workers until a ransom is paid, typically in Bitcoin.

Threats by hackers to sell or publish stolen data are common.

The Guardian newspaper, Royal Mail, and Sick Kids Canadian Children’s Hospital are a few recent high-profile victims.

Although Russian officials deny their country is a refuge for the gangs, it is believed that many ransomware teams are located there.

keeping track of bitcoin wallets
Chainalysis analysts keep tabs on the money entering and leaving Bitcoin wallets that are known to be used by ransomware groups.

Because hackers are likely to use other wallets as well, researchers claim that the illegal proceeds will be substantially higher than those they can currently observe.

However, the business claims that a definite trend exists: payments for ransomware are drastically declining.

Coveware’s Bill Siegel, who specializes in negotiating with hackers, concurs.

His clients are reluctance to cave in to hackers, who might demand millions of dollars, is growing.

According to him, 41% of his clients paid ransoms in 2022 as opposed to 70% in 2020.

Although paying ransoms to hackers has not been deemed illegal by any countries, Mr. Siegel and other cyber-experts believe that US sanctions on hacker groups and those linked to Russia’s Federal Security Service have made paying some groups’ demands problematic from a legal standpoint.

If there is even the slightest suggestion of a connection to a sanctioned body, Mr. Seigel stated, “We refuse to pay ransoms.”

There may be more factors at work, such as a rise in ransomware knowledge that improves cyber-security within organizations.

According to Brett Callow, a threat researcher at the cyber-security firm Emsisoft, ransomware assaults are becoming more difficult for hackers to profit from.

Businesses are now more adept at safeguarding their backups, which lowers the need for them to pay hackers for data recovery, he continued.

Additionally, because ransomware assaults are now so widespread, businesses are less likely to suffer a PR catastrophe, which makes them less willing to pay to keep occurrences under wraps and out of the headlines.

Attacks are increasing.
Despite the decline in revenue, 2022 saw a sharp rise in the number of distinct ransomware variants reportedly employed in assaults.

In the first half of 2022, there were more than 10,000 different forms of harmful software active, according to research from the cyber-security company Fortinet.

Attacks increased last year, possibly as a result of enforcement operations, mostly by US authorities, which led to the dissolution of some of the biggest ransomware organisations.

In a worldwide police investigation in November 2021, suspected members of the REvil gang were detained, and in a so-called “claw back” hacking operation, US authorities were able to recover more over $6 million in cryptocurrencies.

It came after a similar US operation in June 2021 that took down the Darkside gang and recovered $4.1 million in stolen money.

These tactics are believed to have weakened gang confidence and may have driven criminals to operate in smaller groupings.

The amount of smaller attacks by criminals appears to be increasing rather than targeting large Western targets, or “big-game hunting,” where substantial payouts are more possible.

Big-game hunting may have become more difficult, but it is still gratifying, according to Jackie Burns Koven, Chainalysis’ chief of cyber-threat intelligence.

She issues a warning that ransomware is still incredibly profitable and that smaller businesses should be even more watchful as hackers widen their net in an effort to get paid.

Leave a Reply

Your email address will not be published. Required fields are marked *