Cyber-crime gangs have had a 40% drop in earnings as victims are refusing to pay ransoms, researchers say. Cryptocurrency experts at Chainalysis say ransomware groups extorted at least $457m (£370m) from victims in 2022 – $311m less than the year before. The true figures are likely to be higher, but experts agree that fewer victims are paying.
However, while there has been a drop in criminal revenue, the number of attacks is rising. Companies, governments, schools, and even hospitals around the world are regularly falling victim to ransomware hackers, who lock staff out of their IT systems until a ransom is paid, usually in Bitcoin.
The hackers often threaten to publish or sell stolen data too. Recent high-profile victims include The Guardian newspaper, the Royal Mail delivery company, and Sick Kids Canadian children’s hospital. Many ransomware crews are thought to be based in Russia, although Russian officials deny the country is a haven for the groups.
Analysts at Chainalysis track the money flowing in and out of Bitcoin wallets which are known to be owned by ransomware crews. Researchers say the criminal proceeds will be much higher than those they can see because the hackers are likely to use other wallets too.
Nonetheless, the company says, the trend is clear: ransomware payments are significantly down. Bill Siegel, of Coveware, which specializes in negotiating with hackers, agrees. His clients are becoming increasingly reluctant to give in to hackers, who can demand millions of dollars.
In 2022, 41% of his clients paid ransoms compared with 70% in 2020, he says. No governments have made it illegal to pay hacker ransoms, but Mr Siegel and other cyber experts think that US sanctions against hacker groups, or those with links to Russia’s Federal Security Service, have made paying some groups legally risky.
“We refuse to pay ransoms if there’s even a hint of connection to a sanctioned entity,” Mr Siegel said. Other factors may also be at play, including an increase in ransomware awareness leading to improved cyber-security at organizations. “Hackers are definitely finding it harder to get paid for ransomware attacks,” said Brett Callow, a threat researcher at cyber-security company Emsisoft.
Companies have become better at protecting their back-ups, reducing their need to pay hackers for recovery, he added. “Additionally, as ransomware attacks have become so common, they are less of a PR disaster for companies, making them less likely to pay to keep incidents quiet and out of the news.”
Despite the drop in revenue, the number of unique ransomware strains being used in attacks reportedly increased dramatically in 2022. Research from cyber-security firm Fortinet found that more than 10,000 unique types of malicious software were active in the first half of 2022. The growth in the number of attacks last year could be connected with enforcement actions, mainly by the US authorities, which caused some of the largest ransomware groups to disband.