The total amount of cryptocurrency criminals were able to steal through ransomware attacks dropped by 40% in 2022.
Ransomware attackers extorted at least $457 million in cryptocurrency from victims last year, according to the latest report from Chainalysis. This figure represents a substantial fall from $766 million the year prior, a drop of some 40.3%. The report attributed the decline to two factors: the greater risk victims now face when paying, and enhanced cybersecurity measures.
Cyber Crime in Decline
One reason victims have been unable to pay is the greater risk that now comes with doing so. In Sept. 2021, the U.S. Office of Foreign Assets Control issued an advisory on the potential for sanctions violations when paying ransoms. Since then, the greater legal threat posed by paying ransoms has dissuaded several victims from even attempting to pay.
“With the threat of sanctions looming, there’s the added threat of legal consequences for paying [ransomware attackers],” said Recorded Future intelligence analyst and ransomware expert Allan Liska. Bill Siegel, CEO and co-founder of ransomware incident response firm Coveware, agreed, saying his firm refuses to pay ransoms if there’s even a hint of connection to a sanctioned entity.
Another reason victims have been paying less is that many prospective targets have taken appropriate security measures. In addition to improving their cybersecurity, many of these firms have also bolstered their data backup processes. These measures have been adopted largely due to the demands of cyber insurance firms.
“Today, companies have to meet stringent cybersecurity and backup measures to be insured for ransomware coverage,” related one expert. “These requirements have proven to actively help companies bounce back from attacks rather than pay ransom demands.”
10,000 Strains and Affiliate Overlap
Despite the drop in revenue, the report noted that the number of unique ransomware strains in operation rose substantially last year. According to research from cybersecurity firm Fortinet, over 10,000 unique strains were active in the first half of 2022.
While on-chain data confirms that the number of active strains has grown significantly in recent years, the vast majority of ransomware revenue goes to a small group of strains.
The report also highlighted a common practice known as affiliate overlap. Most ransomware strains operate as ransomware-as-a-service (RaaS), with the strain essentially rented out to affiliates for a fee.
The report found that these affiliates will often utilize several different strains at the same time. Consequently, many of the attacks attributed to multiple different strains may have in fact been perpetrated by the same affiliates.