A new report released today by blockchain analytics firm Chainalysis Inc. finds that ransomware payments hit $1.1 billion in 2023, the highest amount of record and close to double the $567 million in payouts in 2022.

Ransomware operations were found to have increased in both scope and complexity throughout the year, marking a troubling trend for global cybersecurity. Unsurprisingly, the most high-profile targets were critical infrastructure sectors, including healthcare, education and government agencies.

Also no surprise: Exploitation of vulnerabilities in widely used software, such as the MOVEit file transfer software, facilitated major attacks throughout the year, affecting organizations worldwide, from media outlets like the BBC to airlines such as British Airways.

Faced with increasing challenges, the report notes, law enforcement agencies have increased their efforts to combat ransomware. One example is the U.S. Federal Bureau of Investigation’s successful infiltration of the Hive ransomware operation in January 2023, which led to the claimed prevention of about $130 million in ransom payments.

The Hive operation showcases the potential for law enforcement to mitigate the impact of ransomware attacks, as well as the growing importance of international cooperation and the deployment of advanced cybersecurity technologies in tracking and dismantling cybercriminal networks.

Although the likes of the FBI are making an effort, it’s a game of Whac-A-Mole: For every ransomware gang targeted or taken down, more emerge.

The report found that 538 new ransomware variants appeared on the scene in 2023, demonstrating the adaptability of threat actors and their relentless pursuit of new methodologies to exploit vulnerabilities within digital ecosystems. The adoption of ransomware-as-a-service models and the exploitation of zero-day or previously undiscovered vulnerabilities are also said to underscore the lower barriers to entry for cybercriminals and the increasing sophistication of their attacks.

In 2023, several high-profile groups dominated the ransomware landscape, with Clop and ALPHV/BlackCat leading the pack when it comes to the number of attacks and impact. Clop, known for its “big-game hunting” strategy, targeted large organizations by exploiting zero-day vulnerabilities.

Clop’s biggest target in the year was a vulnerability in the MOVEit file transfer software. It affected a vast number of organizations and resulted in substantial ransom payments. The report estimated that the group received more than $100 million in ransom payments from its activities.

ALPHV/BlackCat was found to have demonstrated the increasing prevalence of Ransomware-as-a-Service models, where ransomware infrastructure is rented out to affiliates who then carry out attacks. The group distinguished itself by being selective in its affiliate program, recruiting individuals with proven hacking capabilities, which enabled the targeting of bigger entities for larger ransoms.

“The ransomware landscape underwent significant changes in 2023, marked by shifts in tactics and affiliations among threat actors, as well as the continued spread of RaaS strains and swifter attack execution, demonstrating a more efficient and aggressive approach,” the report concludes. “The movement of affiliates highlighted the fluidity within the ransomware underworld and the constant search for more lucrative extortion schemes.”

Image: DALL-E 3