Many industry experts assume that victims are hesitant to pay up because of the U.S. Office of Foreign Assets Control’s threat to apply penalties.
With ransomware revenues for attackers falling 40% to $456.8 million in 2022, victims of the extortion seem to be tired of it.
The data was released by blockchain analytics company Chainalysis in a study on January 19; the company noted that the numbers don’t always indicate a decrease in the amount of assaults from the previous year.
Instead, Chainalysis pointed out that businesses have been compelled to enhance cybersecurity safeguards, while ransomware victims have grown more reluctant to comply with attackers’ demands.
This information was included in Chainalysis’ 2023 Crypto Crime Report. According to the 2022 research, ransomware generated a staggering $602 million in revenue last year. However, after more bitcoin wallet addresses were discovered, the figure increased to $766 million.
Chainalysis continued by saying that because to the nature of blockchain, attackers are finding it harder and harder to get away with their crimes:
Despite ransomware attackers’ best efforts, the blockchain’s transparency makes it possible for investigators to identify these rebranding attempts almost immediately.
It’s interesting to note that, compared to 2021, ransomware attackers used centralized cryptocurrency exchanges 48.3% more often when reallocating the cash.
Additionally, according to Chainalysis, the prevalence of mixer protocols like the now-sanctioned Tornado Cash jumped from 11.6% to 15.0%.
Fund transfers to “high-risk” bitcoin exchanges, however, decreased from 10.9% to 6.7%.
Victims Avoiding Payment
Allan Liska, a threat intelligence analyst for Recorded Future, revealed to Chainalysis that the advisory statement issued by the US Office of Foreign Assets Control (OFAC) in September 2021 may contribute to the decline in income.
“With sanctions on the horizon, there is also the extra risk of legal repercussions for paying [ransomware attackers].”
The underwriting standards of cybersecurity insurance companies are also becoming more stringent, according to Liska: “Cyber insurance has really taken the lead in tightening not only who they will insure but also what insurance payments can be used for, so the probability is less that they would allow their clients to use an insurance payout to pay a bill.”
According to Siegel, many insurance companies won’t renew coverage unless the covered systems have complete backups, integrate Endpoint Detection and Response protection, and use multiple forms of authentication.
Despite a rise in the number of distinct ransomware strains in use, the income decline occurred, according to statistics provided by cybersecurity company Fortinet.
Although it may seem like there is more competition in the realm of ransomware, many of the new strains, according to Siegel, are being produced by the same companies:
“Compared to popular belief, the number of core ransomware participants is incredibly low—perhaps a few hundred. The only difference in the crooks is the paint job on their getaway vehicles.
Chainalysis added that while not every cryptocurrency address possessed by ransomware attackers has been located, the “actual totals” for the statistics given in the study are probably substantially higher.