The amount of money cybercriminal groups extorted through ransomware attacks is down 40% year-on-year, suggesting that businesses are increasingly refusing to pay to get their sensitive data back.
A report from Chainalysis examined cryptocurrency wallets known to be associated with ransomware groups. All blockchain data is pseudonymous and wallet activity can easily be tracked on-chain. Because cybercriminals have to share their wallet addresses with their victims in order to get paid, tracking these wallets is relatively easy.
Chainalysis says that in 2022, wallets belonging to known ransomware groups took in a total of $456.8 million. The year before, these groups extorted $766 million, a figure almost identical to the 2020 one of $765 million.
Using different variants
The researchers note that the decrease in payments isn’t due to fewer successful ransomware attacks. Threat actors are as successful as ever, with more than 10,000 strains circulating on the internet and waiting for their next victim.
What’s also interesting is that one ransomware group, or affiliate, does not necessarily stick to one ransomware variant for its operations. In fact, the same wallets were observed receiving payments from victims infected with different strains of the malware, including Conti, BlackCat, Black Lotus, LockBit, Sunscript, Hive and others.
The caveat of the report is that the numbers are most likely inconclusive. While tracking wallet activity is relatively easy for the researchers, it’s impossible to say if they found, and were tracking, all of them.
After all, some organizations do not report falling victim to this form of cybercrime and it’s possible that additional wallets will emerge in the future.
The same thing happened with the 2022 report, when Chainalysis first thought crooks stole $602 million, instead of the final $766 million total.