Ransomware Revenue Drops as Victims Pay Less Often, Chainalysis Reports
While the number of ransomware hits may not have decreased significantly, the revenue from such attacks has fallen sharply last year, according to Chainalysis. The blockchain forensics firm believes that to a large extent the trend can be attributed to more of the targeted organizations refusing to pay the perpetrators.
Chainalysis Registers Significant Decline in Revenue From Ransomware Attacks
Over the course of 2022, ransomware actors have managed to extort at least $456.8 million from victims, Chainalysis revealed in a report published Thursday. The estimated amount is down from $765.6 million the year before, the analytics company pointed out, noting that the true total is likely much higher, as many crypto addresses controlled by attackers have yet to be identified.
“The trend is clear: Ransomware payments are significantly down,” the authors of the study said while emphasizing that this finding doesn’t mean fewer attacks have been carried out. They believe instead that much of the decline is due to a growing number of affected organizations actually refusing to pay the demanded ransoms.
Chainalysis also highlights a sizable increase in unique ransomware strains in 2022, continuing the growth of active strains in recent years. At the same time, the majority of the ransomware revenue still goes to a limited group of strains, the researchers say, meaning that “the actual number of individuals who make up the ransomware ecosystem is likely quite small.”
Victims Are Paying Less Frequently, Report Claims
The onchain data compiled by Chainalysis shows a “huge drop” of ransomware revenue, exceeding 40.3%. The evidence available to the company suggests that the decline stems from increasing unwillingness on the part of victims to pay ransom rather than a decrease in the number of attempts to extort money.
According to Michael Phillips, chief claims officer of cyber insurance firm Resilience, claims filed with the industry show ransomware remains a growing threat but certain factors are disrupting extortion attempts, like the war in Ukraine and the heightened pressure from Western law enforcement on groups committing such crimes, including arrests and recovery of funds.
Recorded Future intelligence analyst and ransomware expert Allan Liska quoted information gathered from data leak sites which indicated that ransomware attacks decreased between 2021 and 2022 by over 10%, from 2,865 to 2,566. The expert also pointed to another reason for the declining revenue — paying ransoms has become legally riskier — and elaborated:
With the threat of sanctions looming, there’s the added threat of legal consequences for paying [ransomware attackers].
Cyber insurance firms, being those reimbursing ransomware victims, have been playing a role, too. “Cyber insurance has really taken the lead in tightening not only who they will insure, but also what insurance payments can be used for, so they are much less likely to allow their clients to use an insurance payout to pay a ransom,” Liska commented.
Cyber insurers’ demand for improved cybersecurity measures is a key driver of the trend toward less frequent ransom payments, explained Bill Siegel, co-founder and CEO of ransomware incident response firm Coveware. His company’s stats show that between 2019 and 2022, victim payment rates have fallen from 76% to 41%.