Ransomware gangs have experienced a surge in profitability during the first half of this year, raking in over $449 million from their victims, as reported by blockchain research firm Chainalysis. However, this staggering figure may underestimate the actual totals since it only accounts for the cryptocurrency wallets monitored by the firm.
Rapid Profit Growth and Future Projections
If the current trends persist, ransomware groups are projected to accumulate nearly $900 million by the end of 2023. That would place them just $40 million shy of the peak reached in 2021, when the total was a staggering $939.9 million.
Factors Fueling Resurgence
According to Eric Jardine, the cybercrimes research lead at Chainalysis, the resurgence of ransomware can be attributed to a combination of factors rather than a single driving force.
One significant factor is the return of “big game hunting,” where ransomware gangs target large corporations in the hope of securing massive ransoms. Additionally, the impact of the Russia-Ukraine War, which led to a decline in ransom earnings in 2022, is now diminishing as ransomware gangs return to their usual level of activity. Chainalysis highlighted that groups like Cuba ransomware had to shift their focus from financially motivated cyber intrusions to espionage and Ukraine-specific targets due to the conflict.
After a decline in 2022 compared to the previous year, ransomware revenue has rebounded in 2023, with an increase in attacks targeting both “large, deep-pocketed organizations” and smaller companies. Chainalysis charts demonstrate a rise in payments under $1,000 as well as payments exceeding $100,000. This indicates growth in ransomware payments across a broad spectrum.
Variations in Payment Sizes
Chainalysis’ research also examines the average ransom payment sizes associated with different ransomware groups. For instance, Dharma and Djvu have average ransom payments of $265 and $619, respectively.
On the other end of the spectrum, gangs such as Clop, ALPHV/BlackCat, and Black Basta demand payments exceeding $750,000, in some cases reaching millions. Notably, Clop stands out with an average payment size of $1.73 million and a median payment size of $1.94 million. The gang has gained global attention through its attacks using the popular MOVEit software, which enabled it to steal data and extort numerous organizations.
Distinguishing Ransomware Strains
Chainalysis distinguishes between low-level ransomware-as-a-service strains like Dharma and Phobos, commonly employed in “pray and spray” attacks against smaller companies, and more sophisticated groups like Black Basta and Clop, which specifically target larger organizations.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.