Ransomware is getting less lucrative as victims stop paying

(Image credit: Pixabay)

The amount of money cybercriminal groups extorted through ransomware attacks is down 40% year-on-year, suggesting that businesses are increasingly refusing to pay to get their sensitive data back.

A report from Chainalysis examined cryptocurrency wallets known to be associated with ransomware groups. All blockchain data is pseudonymous and wallet activity can easily be tracked on-chain. Given that cybercriminals have to share their wallets with their victims, tracking these wallets is relatively easy.

That being said, Chainalysis says that in 2022, wallets belonging to known ransomware groups hoarded a total of $456.8 million. The year before, these groups extorted $766 million, a figure almost identical to the 2020 one - $765 million.

TechRadar Pro needs you! We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Using different variants

The researchers note that the decrease in payments isn’t due to fewer successful ransomware attacks. Threat actors are as successful as ever, with more than 10,000 strains circulating on the internet and lurking for their next victim.

What’s also interesting is that one ransomware group, or affiliate, does not necessarily stick to one ransomware variant for its operations. In fact, the same wallets were observed receiving payments from victims infected with different strains of the malware, including Conti, BlackCat, Black Lotus, LockBit, Sunscript, Hive and others. 

The caveat of the report is that the numbers are most likely inconclusive. While tracking wallet activity is relatively easy for the researchers, it’s impossible to say if they found, and were tracking, all of them. 

After all, some organizations do not report falling victim to this form of cybercrime and it’s possible that additional wallets will emerge in the future.

The same thing happened with the 2022 report, when Chainalysis first thought crooks stole $602 million, instead of the final $766 million total.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.