The Surge in Ransomware Attacks Continues Unabated
Jul 16, 2023

Despite concerted global efforts by law enforcement to combat ransomware, recent data indicates a troubling increase in both the frequency and severity of such incidents in 2023. Cryptocurrency tracing firm Chainalysis has revealed that victims paid ransomware groups $449.1 million during the first half of this year alone. By comparison, payments for the entire year of 2022 amounted to less than $500 million. Should this trend persist, the total for 2023 could reach $898.6 million, making it the second-highest revenue-generating year for ransomware attacks, surpassed only by the record-setting year of 2021, when attackers extorted $939.9 million from victims.

These findings align with observations made by various researchers, who have noticed a significant spike in the number of attacks this year. Additionally, ransomware groups have become increasingly audacious, openly threatening to release sensitive and potentially damaging stolen information. In a recent incident targeting the University of Manchester, hackers directly contacted students via email, disclosing the theft of seven terabytes of data and demanding payment to prevent the publication of personal information and research materials.

Chainalysis’ Head of Cyber Threat Intelligence, Jackie Burns Koven, attributes the shift in tactics to budgetary shortfalls experienced by ransomware groups in 2022. This financial strain likely prompted the adoption of more extreme extortion techniques. However, the decline in attacks and payments during 2022 was also influenced by improved security measures, greater preparedness, the availability of decryption tools, and the disruptive impact of Russia’s invasion of Ukraine on the day-to-day operations of prominent ransomware groups based in Russia.

Despite ongoing advancements in defensive strategies and government deterrence initiatives, researchers at Chainalysis suspect that the evolving state of the Russia-Ukraine conflict plays a significant role in the increased ransomware activity of 2023. The impact of this conflict on the location and actions of threat actors remains a subject of speculation. Chainalysis remains cautious in its approach, continuously updating its data as new information about historic transactions emerges. However, researchers acknowledge the inherent difficulty in accurately quantifying the scope of ransomware attacks or the total amount of payments, given the limited available information. Pia Huesch, a research analyst at the Royal United Services Institute, emphasizes that companies still hesitate to disclose attacks, fearing damage to their reputation.

In May, officials from the UK’s National Cyber Security Centre and the Information Commissioner’s Office expressed growing concern about underreported ransomware attacks and the resulting ransom payments. They cautioned that the number of attacks would only increase if incidents were covered up. Pia Huesch further notes that cybercriminals still perceive the benefits of engaging in such activities to outweigh the risks of potential prosecution.

While researchers struggle to independently validate ransomware revenue figures, they universally agree on the gravity of the ransomware threat in 2023. The most prolific groups, predominantly located in Russia, are continuously adapting their tactics to overcome defenses and exploit current vulnerabilities. One concerning tactic involves mass exploitation campaigns, where ransomware groups leverage vulnerabilities in widely used products to simultaneously target multiple organizations. The Russia-based Clop gang has perfected this technique.

Overall, the persistence and evolution of ransomware actors paint a bleak picture for those who hoped for a decline in their activities following last year’s efforts to combat them.