Why Ransomware Gangs are Raking in So Much Money
In the year 2023, many organizations and startups faced financial struggles, with some even making drastic cuts to survive. However, for ransomware and extortion gangs, it was an incredibly lucrative year, according to recent reports.
It comes as no surprise when considering the current state of the ransomware landscape. Last year saw hackers continue to evolve their tactics, becoming more aggressive and extreme in their efforts to extract ransom payments from victims. This escalation, paired with the lack of government bans on ransom payments, resulted in 2023 becoming the most profitable year yet for ransomware gangs.
The Billion-Dollar Cybercrime Business
According to new data from crypto forensics startup Chainalysis, known ransomware payments almost doubled in 2023, surpassing the $1 billion mark. They referred to the year as a “major comeback for ransomware.”
This figure is the highest ever recorded and almost twice the amount of known payments in 2022. However, Chainalysis believes that the actual amount is much higher, estimating over $1.1 billion in ransom payments.
There is a small glimmer of good news, though. While 2023 was an exceptionally profitable year for ransomware gangs, other experts have noted a drop in payments toward the end of the year.
Record-Breaking Ransoms
But this decrease in ransom payments has not stopped ransomware gangs from making a substantial amount of money. Instead, they have compensated for the drop in earnings by targeting more victims.
One notable campaign is the MOVEit hack, where the prolific Russia-linked Clop ransomware gang exploited a previously unknown vulnerability in widely used MOVEit Transfer software. This allowed them to steal data from over 2,700 victim organizations, many of whom paid the perpetrator in an attempt to prevent the release of sensitive data.
Although it is impossible to determine the exact amount earned from this mass-hack, Chainalysis reports that the Clop gang made over $100 million in ransom payments. This accounted for close to half of all ransomware payments received in June and July of 2023, during the peak of the attack.
However, the MOVEit campaign was not the only profitable enterprise in 2023. In September, casino giant Caesars paid approximately $15 million to hackers to prevent the disclosure of customer data stolen in a cyberattack in August.
This multimillion-dollar payment highlights why ransomware actors continue to make excessive amounts of money. The Caesars attack received little media attention, while a subsequent attack on hotel giant MGM Resorts, which has cost the company $100 million to recover from, dominated headlines for weeks. By refusing to pay the ransom, MGM faced the release of sensitive customer data, including names, Social Security numbers, and passport information. In contrast, Caesars appeared scarcely affected, even though the company could not guarantee the deletion of their stolen data.
Escalating Threats
As more organizations refuse to pay ransom demands, ransomware gangs are resorting to even more extreme tactics and threats in order to increase their profits.
In December, hackers reportedly threatened to “swat” a cancer hospital into paying the ransom by making malicious calls and falsely claiming a real-world threat to life, thus prompting an armed police response.
Notorious ransomware gang Alphv (also known as BlackCat) also used the U.S. government’s new data breach disclosure rules against MeridianLink, one of their victims. They accused MeridianLink of failing to publicly disclose a “significant breach compromising customer data and operational information” and claimed responsibility for it.
No Ban on Ransom Payments
Ransomware remains a profitable business for hackers because, although not advised, nothing is stopping organizations from paying the ransom. The only exception is if the hackers have been sanctioned.
The debate over whether to pay the ransom or not is a controversial subject. Ransomware remediation company Coveware suggests that if the U.S. or another highly targeted country were to ban ransom payments, companies would likely stop reporting these incidents to authorities, halting the cooperation between victims and law enforcement. The company also predicts that such a ban would create a large, illegal market for facilitating ransom payments.
However, other experts believe that a complete ban is the only way to prevent ransomware hackers from lining their pockets, at least in the short term.
Allan Liska, a threat intelligence analyst at Recorded Future, previously opposed a ban on ransom payments but now believes that as long as they remain lawful, cybercriminals will stop at nothing to collect their payments.
“I’ve resisted the idea of blanket bans on ransom payments for years, but I think that has to change,” said Liska. “Ransomware is getting worse, not just in the number of attacks but in the aggressive nature of the attacks and the groups behind them.”
“A ban on ransom payments will be painful and, if history is any guide, will likely lead to a short-term increase in ransomware attacks, but it seems like this is the only solution that has a chance of long-term success at this point,” he added.
While more victims are realizing that paying the ransom does not guarantee the protection of their data, it is clear that these financially driven cybercriminals will not be stopping their lavish lifestyles anytime soon. Until then, ransomware attacks will continue to be a major source of income for those behind them.
