Ransomware victims are refusing to pay, tanking attackers’ profits

Man holding head in hands in front of laptop showing crashing prices

Enlarge / Holding up corporations, utilities, and hospitals for malware-encrypted data used to be quite profitable. But it’s a tough gig lately, you know? (credit: ifanfoto/Getty Images)

Two new studies suggest that ransomware isn’t the lucrative, enterprise-scale gotcha it used to be. Profits to attackers’ wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports.

Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that based on payments to cryptocurrency addresses it has identified as connected to ransomware attacks, payments to attackers fell from $766 million in 2021 to $457 million last year. The firm notes that its wallet data does not provide a comprehensive study of ransomware; it had to revise its 2021 total upward from $602 for this report. But Chainalysis’ data does suggest payments—if not attacks—are down since their pandemic peak.

Chainalysis’ post also shows attackers switching between malware strains more quickly, and more known attackers are keeping their funds in mainstream cryptocurrency exchanges instead of the illicit and funds-mixing destinations that were more popular in ransomware boom times. This might look like a sign of a mature market with a higher cost of entry. But there’s more to it than typical economics, Chainalysis suggests.

Read 5 remaining paragraphs | Comments