Ransomware: The $1.1 billion threat that won’t go away

Ransomware is a type of malware that encrypts the victim’s data and demands a payment to restore it. It has been around for decades, but in 2023, it reached new heights of sophistication and profitability. According to a new report by Chainalysis, a leading blockchain analysis firm, ransomware actors collected a record-breaking $1.1 billion from their victims last year, almost doubling the amount from 2022.

The report also reveals how ransomware attacks have become more complex and targeted, affecting large institutions, hospitals, schools, and government agencies. These organizations often have sensitive data, critical operations, and limited resources to deal with cyber threats, making them attractive and vulnerable targets for ransomware operators.

For example, 46 hospital systems in the United States were directly hit by ransomware in 2023, disrupting their IT systems and patient data, according to cybersecurity firm Emsisoft. This is an increase from 25 in 2022 and 27 in 2021. K-12 schools also suffered greatly, with 108 reported incidents.

The economic impact of these attacks is hard to measure, as it includes not only the ransom payments, but also the productivity loss and repair costs. Chainalysis estimates that these figures could be an order of magnitude greater than the reported ransom amounts. One notable case is the attack on MGM Resorts, which cost the company over $100 million in lost revenue, including $10 million in consulting cleanup fees. However, since MGM reportedly refused to pay the ransom, it is not counted in the Chainalysis report.

The report also sheds light on the factors that influence the ransomware landscape. One of them is the geopolitical situation, especially the ongoing Russian-Ukrainian conflict, which started in 2022. Chainalysis claims that this conflict disrupted the operations of some cyber actors and shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.

This explains why ransom payments dropped significantly in 2022, after reaching a peak in 2021. However, this drop was not due to better security tools, laws, or practices, as some security experts hoped. Instead, it was a temporary lull before the storm, as ransomware activity surged again in 2023.

Another factor that shapes the ransomware landscape is the evolution of the ransomware business model. Chainalysis reports that there are two main types of ransomware operators: large crime syndicates and smaller affiliates. The syndicates develop and maintain the ransomware software, while the affiliates launch the attacks using the software the syndicates provide.

The large crime syndicates tend to focus on high-value organizations, demanding larger ransom payments and increasing their profits. They also offer ransomware-as-a-service (RaaS), which allows people with less technical knowledge to launch attacks using pre-built tools and packages. Chainalysis calls RaaS a “force multiplier”, as it enables a ransomware strain to carry out a large number of smaller attacks.

The report also warns that ransomware is not only a Windows problem. Mac users are also at risk, as ransomware variants that target Mac devices have emerged in recent years. To protect their Macs from malware or adware, users are advised to use reputable security software, such as Malwarebytes or CleanMyMac X, which can detect and remove such threats. Users should also exercise caution when clicking any links and opening attachments, as malware can be delivered in many ways.

Ransomware is a serious and growing threat that affects individuals and organizations alike. It is not a problem that can be solved by one party alone, but requires a coordinated effort from the public and private sectors, as well as the users themselves. By raising awareness, improving security, and enforcing laws, we can hope to reduce the impact and prevalence of ransomware in the future.
