The amount of money recovered by ransomware attackers dropped significantly in the last half of last year, a study by Chainalysis shows. The final months of the past year helped push the annual amount down. In one year, ransom amounts collapsed by 35%, which is in stark contrast to the significant amounts earned by cybercriminals in 2023.
Less than $1 billion in ransoms last year
Last year, “attackers extorted $813 million from their victims”, the blockchain analysis firm explains. A year earlier, cybercriminals managed to make $1.25 billion by extorting money from businesses and individuals. The payments were obviously collected in cryptocurrencies.
Chainalysis experts initially attribute this collapse to the actions of law enforcement. Last year, authorities took down several gangs specializing in extortion, including the leader Lockbit. The number one ransomware has been temporarily out of service, which has resulted in a drop in attacks.
In addition, companies that have been victims of ransomware have learned that there is no point in complying with the hackers’ demands and paying a ransom. For years, cybersecurity experts have been advising victims to never pay. Paying a ransom does not guarantee that the hackers will not disclose the stolen data or provide the encryption key. Several studies show that affected companies no longer bother to pay the ransom.
Cybercriminals are afraid
In addition, cybercriminals are increasingly concerned that the ransom will be tracked by the authorities, supported by crypto experts. This is why “ransomware operators, primarily motivated by financial gain, are increasingly refraining from converting their funds, which could indicate a fear of being traced, identified and prosecuted by law enforcement agencies, made possible by crypto investigation tools such as those provided by Chainalysis,” Jacqueline Burns Koven points out.
The efforts of the authorities are in the process of “making ransomware less and less profitable for cybercriminals”, adds François Volpoet, Managing Director of Chainalysis in France, French-speaking Africa and Israel.
Change of strategy
In this context, hackers are forced to change their approach. According to Chainalysis, “many cybercriminals have changed their strategy”. Among the changes made is the use of "new ransomware variants," derived from "rebranded, leaked, or purchased code".
In addition, hackers have done everything they can to speed up their modus operandi. Now, "negotiations often begin within hours of data exfiltration". By moving as quickly as possible, hackers hope to convince the target to pay the ransom before thinking twice...
Source: Chainalysis
0 Comments