Cybercriminal gangs’ earnings are falling as victims refuse to pay

Researchers say cybercriminal groups’ incomes have fallen by 40% as victims refuse to pay ransoms.

Cryptocurrency experts Chainalysis say that ransomware groups bilked victims of at least $457 million in 2022, down $311 million from the year before.

The true numbers are likely higher, but experts agree that fewer victims are paying.

However, despite the fall in criminal income, the number of attacks is increasing.

Companies, governments, schools and even hospitals around the world regularly fall victim to ransomware hackers who block access to their IT systems until a ransom is paid, usually in Bitcoin.

Hackers also often threaten to publish or sell stolen data.

Recent high-profile victims include The Guardian newspaper, delivery company Royal Mail and Canadian children’s hospital Sick Kids.

Many ransomware groups are believed to be based in Russia, although Russian officials deny that the country is a haven for the groups.

Bitcoin wallet tracking

Chainalysis analysts monitor the flow of money into Bitcoin wallets known to belong to ransomware groups.

The researchers say that the criminal proceeds are much higher than what they see, as the hackers are likely using other wallets as well.

Still, the company says the trend is clear: ransomware payouts have decreased significantly.

Ransomware is still very profitable.
Nearly $29 million in bitcoins and cash was seized from the apartment of convicted extortion hacker Sébastien Vachon-Desjardins.

Bill Siegel of Coveware, which specializes in negotiating with hackers, agrees.

Its customers are increasingly reluctant to give in to hackers who can demand millions of dollars.

In 2022, 41% of its customers paid the ransom, compared to 70% in 2020, he said.

No government has outlawed ransom payments to hackers, but Mr. Siegel and other cyber experts believe that US sanctions against hacking groups or those with ties to Russia’s Federal Security Service have made paying some groups legally risky.

“We refuse to pay the ransom if there is even a hint of connection with a sanctioned organization,” Mr. Siegel said.

Other factors may also play a role, including increased awareness of ransomware, which leads to improved cybersecurity in organizations.

“It’s definitely getting harder for hackers to get paid for ransomware attacks,” said Brett Callow, threat researcher at cybersecurity firm Emsisoft.

Companies have become better at securing their backups, reducing the need to pay hackers to restore them, he added.

“Furthermore, because ransomware attacks have become so common, they are less of a PR disaster for companies, making it less likely that they will pay to keep incidents quiet and out of the news.”

The attacks are increasing

Despite the drop in revenue, 2022 saw a sharp increase in the number of unique strains of ransomware used in attacks.

A study by cybersecurity firm Fortinet found that more than 10,000 unique types of malware were active in the first half of 2022.

Last year’s decline in attacks could be attributed to law enforcement actions, mostly by US authorities, that led to the disbanding of some of the biggest ransomware groups.

The raids led to the arrest of two alleged REvil hackers in Romania and one from Ukraine.

In November 2021, alleged members of the REvil group were arrested worldwide in a global police operation, with US authorities seizing more than $6 million in cryptocurrency in a so-called “knockback” hacking operation.

This follows a similar operation in the US in June 2021 that took the Darkside gang offline and recovered $4.1 million in stolen funds.

It is believed that these actions may have forced criminals to work in smaller groups, as well as undermining the trust of gangs.

Criminals now appear to be carrying out a greater number of smaller attacks instead of going after large Western targets – the so-called “big game hunt” – where big payouts are more likely.

“While big game hunting may have become more complex, it’s still rewarding,” said Jackie Burns Coven, head of cyber threat intelligence at Chainalysis.

She warns that ransomware is still extremely profitable, and small organizations need to be even more vigilant as hackers expand their network in an attempt to cash in.
