Funds raised by ransomware attacks fell from $765.6 million in 2021 to $456.8 million in 2022, according to a new report from analytics firm Chainalysis.
Crypto-related ransomware attacks have seen a steep decline in success over the past 12 months.
Crypto ransomware activity
The chart below shows the increase and decrease in funds obtained by ransomware attacks over the past six years. 2020 saw a dramatic increase as stolen funds reached $765 million, with a similar amount stolen by bad actors in 2021.
Chainalysis reports that there are likely addresses owned by as-yet-unidentified ransomware attackers, so we are aware that the “actual total is much higher,” but this decrease is likely due to the number of victims. is smarter against such attacks. As a result, Chainalysis released a statement supporting this opinion.
“[Ransomware payments falling] Attacks have not declined…we believe much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers. ”
Ransomware stock explodes
While payments to remove ransomware have dropped dramatically, the number of ransomware stocks has exploded in 2022.
Fortinet is a leading cybersecurity hardware and software company that report Over 10,000 unique strains active through 2022.
Strains have short lifespans as bad actors keep changing attack vectors to optimize the amount of stolen funds. For example, in 2012 the stock lasted his 3,907 days, but in 2022 the average length was just 70 days. As a result, cybersecurity solutions must respond to increased active tension in defense strategies.
Funds acquired by ransomware attacks are laundered in several ways. Most of the funds are still going to popular centralized exchanges. However, his P2P exchanges, which were a popular solution for ransomware attackers in 2018, now make up a tiny fraction of the total number.
After centralized exchanges, the lasting method of money laundering is to use darknet markets designated as “illegal” in the Chainalysis chart below. Finally, mixing services are the next big thing, allowing attackers to “wash out” crypto with little recourse from global authorities.
On-chain data forensics
Chainalysis used on-chain data to identify an “affiliate” market for ransomware software. This allows third parties to receive a “small fixed income” in the model of delivering ransomware as a service.
“You can think of this as the gig economy, but it’s for ransomware. It can give the illusion of being different, but in reality they are all the same car.”
On-chain data could allow companies like Chainalysis to track bad actors across the blockchain and identify their next attack vector. For example, the ransomware epidemic Conti was discontinued in May 2022.
Ransomware attackers “reused wallets for multiple attacks, nominally launched in different attacks,” making their tracking efforts relatively simple.
Decrease in ransomware payments
A better understanding of the landscape, improved security measures, and better on-chain forensics capabilities have reduced the number of successful ransomware attacks. As a result, victims have refused to pay the attackers, many of whom are associated with OFAC-sanctioned parties.
In 2019, only 24% of victims refused to pay, but by 2022 that percentage has increased to 59%. Paying ransomware bounties to parties on OFAC’s sanctions list can be “legally riskier.” Allan Lisk, Intelligence Analyst at Recorded Future, told Chainalysis:
“With the looming threat of sanctions, there is the additional threat of legal consequences for payments. [ransomware attackers.]”
The consequences of not paying ransomware demands can often be devastating to victims who lose access to critical data. It is hoped that the number of victims will decrease as well.
Regardless, the role of cryptocurrencies in ransomware attacks is clear. This is how hundreds of millions of dollars worth of cryptocurrencies are stolen every year. However, it is not without loss of traditional financial assets, many of which cannot be traced through blockchain.