40% Revenue Decline in 2022 – Channel Analysis

Ransomware victims apparently have had enough of extortion, with ransomware revenue for attackers falling 40 percent to $456.8 million in 2022.

Blockchain intelligence firm Chainalysis shared data in a Jan. 19 report, noting that the data does not mean the number of attacks is down from last year.

Instead, Chainalysis noted that companies have been forced to tighten cybersecurity measures, while ransom victims are increasingly unwilling to pay attackers their demands.

Total value stolen by ransomware attackers between 2017 and 2022. Source: Chain analysis.

The findings are part of Chainalysis’ 2023 Cryptocrime Report. Last year, revenue from ransomware The total was $602 million at the time of the 2022 report, which was later reported to have increased to $766 million when additional cryptocurrency wallet addresses were identified.

Chainalysis added that the nature of blockchain means that attackers are finding it increasingly difficult to escape:

“Despite the best efforts of ransomware attackers, blockchain transparency allows investigators to detect these rebranding attempts virtually as soon as they occur.”

Interestingly, ransomware attackers used 48.3% of centralized cryptocurrency exchanges when reallocating funds – up from 2021’s figure of 39.3%.

Destination of Funds Leaving Ransomware Wallets Between 2018 and 2022 Source: Chain analysis.

Chainalysis also noted that mixer protocols, such as the now OFAC-approved Tornado Cash, increased from 11.6% to 15.0% in 2022.

On the other hand, fund transfers to “high-risk” cryptocurrency exchanges fell from 10.9% to 6.7%.

The victims refuse to pay the money.

In an insight shared with Chainalysis, Recorded Futures risk intelligence analyst Alan Leska said the US Office of Foreign Assets Control (OFAC) advisory statement in September 2021 partially accounted for the decline in revenue. can:

“Along with the risk of sanctions, there is the added risk of legal consequences for payment [ransomware attackers]”

A statistical analysis conducted by Bill Siegel, CEO of ransomware incident response firm Coveware, also suggested that ransomware victims are less reluctant to pay:

Siegel’s probability chart shows that ransomware victims are increasingly unwilling to pay their attackers. Source. Chain analysis.

Cybersecurity insurance firms are also tightening their underwriting standards, Leska explained:

“Cyber ​​insurers have really taken the lead in tightening not only who they insure, but also who the insurance payouts can be used for, so they’re paying their clients back. are much less likely to allow insurance payments to be used for payment.”

Siegel noted that many firms won’t renew policies unless insured systems are fully backed up, endpoint detection and response security are integrated, and multi-factor authentication mechanisms are in place. should be done

Related: Report: 74% of funds stolen from ransomware attacks in 2021 went to Russian-affiliated wallet addresses

Revenue fell despite an explosion in the number of unique ransomware strains in circulation, according to data shared by cybersecurity firm Fortinet.

However, Siegel explained that competition in the ransomware world seems to be increasing, with many new strains being carried out by the same organizations:

“The number of core individuals involved in ransomware is incredibly small, perhaps a couple of hundred […] These are the same criminals, they are just repainting their cars.”

Chainalysis also explained that the “true total” for the data provided in the report is likely to be high because not every cryptocurrency address controlled by ransomware attackers has been identified.