Ransomware Revenue Drops Amid Less Successful Extortion Attempts: Chain Analysis

2022 was a turbulent year. One good thing about this is that ransomware revenue has dropped significantly.

Attacks on the crypto industry remain widespread. However, data suggests that victims are increasingly refusing to pay ransomware attackers. Blockchain analytics company Chainalysis, in a new Report, shed light on the changing dynamics in the ransomware industry.

Zoom in on ransomware attacks 2022

It turned out that over 10,000 unique strains were active in the first half of the year alone – a trend also confirmed by on-chain data. In comparison, around 5,400 unique tribes were recorded as active in the same period of 2021. The number of active tribes has increased significantly in recent years, but much of it goes to a small group of tribes at any given time.

Ransomware lifespan has declined in 2022. In fact, the average ransomware strain was found to be active for just 70 days, compared to 153 in 2021 and 265 in 2020. Most attackers funnel the extorted funds to core cryptocurrency exchanges. That number increased from 39.3% in 2021 to 48.3% in 2022.

On the other hand, ill-gotten funds transferred to high-risk exchanges fell from 10.9% to 6.7%. A similar downward trend was seen in the use of illicit services such as darknet markets for ransomware money laundering. However, the use of coin mixers for the same purpose increased from 11.6% to 15.0%.

Less frequent ransom payments

Chainalysis stated that the estimate for total ransomware revenue in 2022 fell by 40.3% from $765.6 million in 2021 to at least $456.8 million in 2022. The drop is significant, showing an increasing unwillingness of victims to pay ransomware attackers and no drop in the actual number of exploits.

Michael Phillips, Chief Claims Officer of cyber insurance company Resilience, while claiming that ransomware remains a major cyber threat to businesses and operations, noted:

“However, there are indications that significant disruptions against ransomware actors groups result in less successful extortion attempts than expected.”

In the past four years in particular, the likelihood of victims paying a ransom has changed dramatically. An analysis conducted by Bill Siegel, CEO of ransomware incident response firm Coveware, found that victim payment rates have fallen from 76% in 2019 to 41% in 2022.

This shift comes as paying ransoms has become more legally risky, particularly following the September 2021 recommendation issued by the US Treasury Department’s Office of Foreign Assets Control (OFAC) on possible sanctions violations when paying ransoms.

Another important factor playing a crucial role in the developing trend is the reimbursement by cyber insurance companies of victims of ransomware attacks. Phillips emphasized that to be insured against ransomware, companies must meet strict cybersecurity and backup measures. The demand for better cybersecurity measures has enabled companies to recover from attacks rather than give in to ransom demands.

“An increased focus on underwriting against factors that contribute to ransomware has resulted in lower incident costs for businesses and contributed to a downward trend in extortion payments.”

SPECIAL OFFER (sponsored)

Binance Free $100 (Exclusive): Use this link to sign up and get $100 free for the first month and a 10% discount on Binance Futures fees (Conditions).

PrimeXBT Special Offer: Use this link to register and enter the POTATO50 code to get up to $7,000 on top of your deposits.

December 2022 – Ethereum gas price down 19.16%

The Cardano network is recovering after a brief outage triggered by a “temporary anomaly.”