Ransomware payments breached $1 billion in 2023, the highest number ever observed

2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022.

In 2023, the ransomware landscape saw a major escalation in the frequency, scope, and volume of attacks. Ransomware attacks were carried out by a variety of actors, from large syndicates to smaller groups and individuals — and experts say their numbers are increasing. Allan Liska, Threat Intelligence Analyst at cybersecurity firm Recorded Future, notes, “A major thing we’re seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks.” Recorded Future reported 538 new ransomware variants in 2023, pointing to the rise of new, independent groups. 

As a result, Ransomware payments in 2023 surpassed the $1 billion mark, the highest number ever observed, according to Chainalysis. Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem. Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. 

The ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies.

„It is important to recognize that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time. For instance, our initial reporting for 2022 in last year’s crime report showed $457 million in ransoms, but this figure has since been revised upward by 24.1%.” Chainalysis explains.

The spread of Ransomware-as-a-Service (RaaS) and availability of hacking tools have made it easier to launch attacks

The growth of initial access brokers (IABs) has made it easier for bad actors to carry out ransomware attacks. As their name would suggest, IABs penetrate the networks of potential victims, then sell that access to ransomware attackers for as little as a few hundred dollars. We found a correlation between inflows to IAB wallets and an upsurge in ransomware payments, suggesting monitoring IABs could provide early warning signs and allow for potential intervention and mitigation of attacks.

IABs combined with off-the-shelf RaaS, means that much less technical skill is required to carry out a successful ransomware attack. Andrew Davis, General Counsel at Kivu Consulting, a firm specializing in cybersecurity incident response, told us more about this trend. “The increase in attack volume can be attributed to the affiliate model’s ease of access and the adoption of ransomware-as-a-service, a disturbingly effective business model for cybercriminals,” said Davis.