Cybercriminals Score Record $1 Billion via Ransomware Attacks in 2023
Summary:
In 2023, cybercriminals stole a record-breaking $1 billion in cryptocurrency ransomware payments, with varying types of attacks perpetrated by actors ranging from individuals to large syndicates. Cybersecurity firm Recorded Future identified 538 new ransomware variants, used in tactics ranging from smaller frequent attacks to fewer, more high-stakes ones. A notable ransomware group mentioned, CL0P, exploited software and security vulnerabilities for extensive data theft, amassing over $100 million in payments. Further, the preferences of criminals for laundering stolen funds shifted towards using cross-chain bridges, instant exchangers, mixers, and underground exchanges.
In 2023, cybercriminals achieved a new record, stealing $1 billion in cryptocurrency ransomware payments. This surge saw high-profile institutions and critical infrastructure compromised by complex attacks. Chainalysis' 2024 Crypto Crime Report shed light on major supply chain attacks conducted using the popular file transfer program MOVEit, which had repercussions for major entities such as British Airways and the BBC.
The spike in ransomware incidents in 2023 can be traced to a rising number, range, and scale of attacks. Attackers varied greatly, from individuals to small illicit teams to sizable criminal organizations. Ransom payments reached unprecedented levels in 2023, going beyond $1 billion.
Research from cybersecurity firm Recorded Future, as outlined in the report from Chainalysis, documented 538 new ransomware variants in 2023. The report charts different ransomware strains according to the size and frequency of payments, providing insight into the array of criminal tactics at play.
The study points out that cybercriminal organizations such as CL0P relied on a "big game hunting" tactic. This involved launching fewer attacks compared to other strains of ransomware, but each attack demanded substantial payouts: "Cl0p took advantage of zero-day weaknesses that enabled them to coerce numerous high-profile victims simultaneously, resulting in an increased emphasis on data pilfering as opposed to encryption."
Other ransomware groups, such as Phobos, operate on a Ransomware as a Service (RaaS) model. This model gives affiliates access to the malware to conduct attacks, while the central operators take a portion of the ransom earnings. Smaller organizations are usually targeted under this system with nominal ransoms, with the operators relying on a high volume of smaller attacks to generate revenue.
Cybercriminals often create new brands and overlapping strains of ransomware to dissociate themselves from previously recognized strains connected to sanctions and investigations. Chainalysis uses blockchain analytics to demonstrate on-chain connections between wallets of various ransomware strains.
Zero-day vulnerabilities were another major contributing factor to high-consequence ransomware incidents in 2023. Attacks of this kind exploit security weaknesses in a company's service, framework, product, or application before developers can create and distribute a fix.
The most notable instance of this in 2023 was CL0P's exploitation of the file transfer software MOVEit. Because MOVEit is integrated with numerous IT and cloud applications, the attack exposed data from hundreds of organizations and millions of users. This sequence of events led to CL0P becoming the most dominant ransomware strain in the industry. Between June and July 2023, ransom payments totaled over $100 million, comprising 44.8% of the overall ransomware value.
Criminals have also shifted towards using cross-chain bridges, instant exchangers, mixers, and underground exchanges to launder a larger portion of funds garnered via ransomware attacks. Centralized exchanges and mixers had traditionally been the primary destinations for ransomware proceeds in need of laundering.
Published At
2/7/2024 5:08:40 PM