Bitcoin btc
$ usd

Cyber Crime Gangs Lose Out as Victims Play Hardball

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • Crypto revenue from ransomware attacks fell 40% last year, from $766 million to $457 million.
  • The decline to growing legal risks for victims if they pay and greater cybersecurity measures.
  • 10,000 unique strains of ransomware were active last year, but many were used by the same affiliates.
  • promo

The total amount of cryptocurrency criminals were able to steal through ransomware attacks dropped by 40% in 2022.

Ransomware attackers extorted at least $457 million in cryptocurrency from victims last year, according to the latest report from Chainalysis. This figure represents a substantial fall from $766 million the year prior, a drop of some 40.3%. The report attributed the decline to a pair of factors, the greater risk for victims to pay and enhanced cybersecurity measures.

Cyber Crime in Decline

One reason victims have been unable to pay is because of the greater risk that now comes with doing so. In Sept. 2021, the U.S. Office of Foreign Assets Control issued an advisory on the potential for sanctions violations when paying ransoms. Since then, the greater legal threat posed by paying ransoms has dissuaded several victims from even attempting. 

“With the threat of sanctions looming, there’s the added threat of legal consequences for paying [ransomware attackers],” said Recorded Future intelligence analyst and ransomware expert Allan Liska. Bill Siegel, CEO and co-founder of ransomware incident response firm Coveware agreed, saying his firm refused to pay ransoms if there’s even a hint of connection to a sanctioned entity.

Another reason victims have been paying less is because many prospective targets have taken the appropriate security measures. In addition to advancing in cybersecurity, many of these firms also bolstered their data backup processes. These security measures have been taken to heart largely due to the demands of cyber insurance firms.

“Today, companies have to meet stringent cybersecurity and backup measures to be insured for ransomware coverage,” related one expert. “These requirements have proven to actively help companies bounce back from attacks rather than pay ransom demands.”

10,000 Strains and Affiliate Overlap

Despite the drop in revenue, the report noted that the number of unique ransomware strains in operation rose substantially last year. According to research from cybersecurity firm Fortinet, over 10,000 unique strains were active in the first half of 2022.

While on-chain data confirms that the number of active strains has grown significantly in recent years, the vast majority of ransomware revenue goes to a small group of strains.

The report also highlighted a common practice it had found known as affiliate overlap. Most ransomware strains operate as a ransomware-as-a-service (RaaS), essentially rented out to affiliates for a fee.

The report found that these affiliates will often utilize several different strains at the same time. Consequently, many of the attacks attributed to multiple different strains may have in fact been perpetrated by the same affiliates.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Nicholas Pongratz
Nick is a data scientist who teaches economics and communication in Budapest, Hungary, where he received a BA in Political Science and Economics and an MSc in Business Analytics...