In 2023, a staggering $1 billion was paid out in cryptocurrency ransomware payments, a record-high figure. The attacks behind these payments hit renowned institutions and critical infrastructure, a sign of how sophisticated the cybercriminals orchestrating them have become.
One notable incident was a significant supply chain breach carried out through the widely used file transfer software MOVEit, which affected entities such as the BBC and British Airways. These findings come from Chainalysis's 2024 Crypto Crime Report on ransomware, which sheds light on the evolving landscape of cyber threats.
The resurgence of ransomware in 2023 can be attributed to an uptick in the frequency, scope, and magnitude of these attacks. According to cybersecurity firm Recorded Future, a total of 538 new ransomware variants emerged over the year, showing the range of tactics cybercriminals employ. Chainalysis's report gives an overview of ransomware strains by payment size and payment frequency, which makes the different criminal strategies visible.
One strategy highlighted in the report is the "big game hunting" approach used by ransomware groups like CL0P. These groups exploit zero-day vulnerabilities to hit numerous high-profile victims, opting for data exfiltration over encryption to extort substantial sums per attack.
Conversely, ransomware groups such as Phobos operate on a ransomware-as-a-service (RaaS) model, granting others access to their malware to conduct attacks. Chainalysis underscores the prevalence of this model, particularly against smaller entities with lower ransom amounts, where profit depends on a large number of smaller attacks. Additionally, cybercriminals often rename their malware and create overlapping strains to evade detection and to distance themselves from earlier identities tied to sanctions and investigations.























