SINGAPORE – Criminals using ransomware or malicious software to choke up access to a computer system in extortion have made a comeback in 2023, said blockchain research firm Chainalysis.
The firm’s report, released on Feb 7, said global ransomware attacks clocked US$1.1 billion (S$1.48 billion) in 2023 in cryptocurrency payments made by victims.
The amount in 2023 is the highest since 2019 and is double that of the US$567 million in 2022, said the study.
“Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks,” the report noted.
Chainalysis said the figures are conservative estimates and are likely to increase as new ransomware addresses are discovered over time.
It added that the ransomware situation escalated in 2023 in terms of frequency, scope and volume of attacks.
Citing Mr Allan Liska, a threat intelligence analyst at cyber-security firm Recorded Future, the study said there has been astronomical growth in the number of threat actors carrying out ransomware attacks.
Recorded Future reported 538 new ransomware variants in 2023, indicating the rise of new and independent groups of attackers.
Among the top ransomware strains that made the most illicit gains are RansomHouse, Dark Angels and Cl0p.
In the last few years, big game hunting has become the dominant strategy with a larger share of all ransomware payment volume made up of payments of US$1 million or more, the report said.
Big game hunting in cyberspace refers to a cyber attack that targets large, high-value organisations or high-profile entities. Such attacks are fewer in number, but the extortion amounts are much larger.
The report said the growth of initial access brokers (IABs) made it easier for criminals to carry out ransomware attacks. IABs penetrate the networks of potential victims and sell that access to ransomware attackers for as little as a few hundred dollars.
“We found a correlation between inflows to IAB wallets and an upsurge in ransomware payments, suggesting monitoring IABs could provide early warning signs and allow for potential intervention and mitigation of attacks,” Chainalysis said.
It added that centralised crypto exchanges and mixers have typically been the preferred methods for laundering ransomware payments. A mixer blends the cryptocurrencies of many users together to obfuscate the origins and owners of the funds.
However, in 2023, criminals started to turn to other avenues to launder their illicit gains, including bridges, instant exchangers and gambling services. Bridges are mechanisms for connecting different blockchain networks so that they can exchange information and assets.
Chainalysis said the change in preference to cashing out comes on the back of greater scrutiny on the usual laundering avenues and more robust anti-money laundering policies.
The report said exchanges showed the lowest level of concentration in ransomware laundering, while gambling services, cross-chain bridges and sanctioned entities showed the highest levels.