Ransomware payments in 2023 exceed $1 billion, hitting record highs

In 2023, ransomware actors targeted high-profile institutions and critical infrastructure, including major supply chain attacks exploiting MOVEit software, and extorted an unprecedented $1 billion in cryptocurrency payments.


In 2023, ransomware attacks occurred more frequently, targeting high-profile facilities and critical infrastructure such as hospitals and government agencies. Ransomware gangs have received more than $1 billion in cryptocurrency payments from victims. These developments indicate that the cyber threat is expanding and causing more significant consequences.

Developments over the past year show that ransomware attacks are evolving and having an ever-greater impact on global security. Despite a decline observed in 2022, largely attributed to geopolitical events and law enforcement actions, ransomware payments in 2023 reached unprecedented levels. The FBI’s infiltration of the Hive ransomware strain prevented significant ransom payments and disrupted the cybercriminals’ activities, demonstrating the effectiveness of joint law enforcement efforts.

A rise in ransomware activity was observed in 2023, marked by a range of attack techniques and the spread of new ransomware varieties. The landscape saw increased frequency, scope, and volume of attacks orchestrated by different threat actors, including syndicates and individual hackers. The rise of Ransomware-as-a-Service (RaaS) models made ransomware tools easier to obtain, leading to a surge in attacks executed by less technically skilled actors.

Zero-day vulnerabilities played a significant role in high-impact ransomware incidents, such as the MOVEit exploitation by the Cl0p ransomware group. This tactic enabled Cl0p to amass substantial ransom payments by leveraging data exfiltration strategies. For instance, MOVEit file transfer software was exploited in major attacks that affected organisations such as the BBC and British Airways. Furthermore, the movement of ransomware funds highlighted the preference for centralised exchanges and emerging laundering services among threat actors.

The lessons of 2023 underscore the need for continued collaboration between international law enforcement agencies, affected organisations, cybersecurity companies, and blockchain intelligence to combat ransomware threats effectively. While ransomware actors continue to adapt to regulatory changes and law enforcement measures, proactive engagement and efforts by law enforcement to support victims point to a stronger and more determined approach to combating cybercriminal activity.