Ransomware is a type of malicious software that encrypts the victim’s data and demands a payment, usually in cryptocurrency, to restore access. Ransomware attacks have become a major threat to businesses, institutions, and individuals around the world, causing significant economic and social damage.
In this blog post, we will examine the trends and developments of ransomware in 2023, based on data from Chainalysis, a leading blockchain analysis firm. We will also discuss some of the challenges and solutions for combating this growing menace.
Ransomware payments nearly doubled in 2023
According to Chainalysis, ransomware actors collected a record-breaking $1.1 billion in crypto payments from their victims in 2023, up from $567 million in 2022. This represents a 76.4% increase year-over-year and a reversal of the decline observed in 2022.
The surge in ransom payments was driven by several factors, including:
– The emergence of new ransomware groups and variants, such as REvil, Ryuk, Maze, and Conti, that targeted high-profile and high-value organizations across various sectors, such as healthcare, education, government, and entertainment.
– The adoption of more sophisticated and aggressive tactics by ransomware actors, such as double extortion (threatening to leak stolen data), triple extortion (targeting customers or partners of the victim), and distributed denial-of-service (DDoS) attacks (disrupting the victim’s online services).
– The rise of ransomware-as-a-service (RaaS) platforms, such as DarkSide and NetWalker, that enabled less skilled or less experienced hackers to launch ransomware attacks using pre-made tools and templates, in exchange for a share of the profits.
– The increased availability and use of cryptocurrencies, especially Bitcoin and Monero, that facilitated anonymous and fast transactions between ransomware actors and their victims.
Ransomware attacks hit critical infrastructure and institutions
One of the most alarming trends of ransomware in 2023 was the increasing targeting of critical infrastructure and institutions that provide essential services to society, such as hospitals, schools, government agencies, and utilities.
According to Emsisoft, a cybersecurity firm, 46 hospital systems in the United States were directly affected by ransomware in 2023, experiencing disruption due to the lack of access to IT systems and patient data. This is up from 25 in 2022 and 27 in 2021. K-12 schools were hit hardest, with 108 reported instances.
Some of the most notable ransomware attacks in 2023 were:
– The attack on MGM Resorts International, one of the largest casino operators in the world, that compromised the personal data of more than 10 million customers and cost the company over $100 million in lost revenue and cleanup fees.
– The attack on Colonial Pipeline, the largest fuel pipeline in the US, that forced the company to shut down its operations for several days and triggered panic buying and gas shortages across several states.
– The attack on JBS, the world’s largest meat processor, that disrupted its production and distribution in North America and Australia and resulted in an $11 million ransom payment.
– The attack on Ireland’s Health Service Executive (HSE), the country’s public health system, that crippled its IT infrastructure and affected its patient care and COVID-19 response.
– The attack on Kaseya, a software provider for managed service providers (MSPs), that exploited a vulnerability in its software and infected thousands of MSPs’ clients around the world with REvil ransomware.
Ransomware challenges and solutions
Ransomware poses a serious challenge for law enforcement agencies, cybersecurity experts, policymakers, and businesses alike. Some of the main challenges are:
– The difficulty of tracing and identifying ransomware actors, who often operate from jurisdictions with weak or no cooperation with international authorities.
– The lack of consistent reporting and data sharing among victims, who may be reluctant or unable to disclose ransomware incidents due to legal, reputational, or operational reasons.
– The dilemma of whether to pay or not to pay the ransom, which involves weighing the costs and benefits of each option and considering the ethical and legal implications.
– The complexity of preventing and recovering from ransomware attacks, which requires implementing multiple layers of security measures, backups, contingency plans, and incident response protocols.
Some of the possible solutions for addressing these challenges are:
– Enhancing international collaboration and coordination among law enforcement agencies, cybersecurity experts, policymakers, and businesses to share information, resources, and best practices, and to coordinate sanctions against ransomware actors.
– Increasing public awareness and education about ransomware risks and prevention strategies among individuals and organizations.
– Developing technical standards and guidelines for securing critical infrastructure and institutions against ransomware attacks.
– Promoting alternative methods of resolving ransomware incidents, such as negotiation, mediation, or arbitration, that may reduce the need or incentive for paying the ransom.
– Supporting the development and adoption of innovative technologies and solutions that can detect, block, or mitigate ransomware attacks, such as artificial intelligence, blockchain, or quantum computing.
Ransomware is a growing and evolving threat that requires a comprehensive and collaborative approach to combat. In 2023, ransomware actors demonstrated their ability and willingness to target critical infrastructure and institutions, causing unprecedented harm and disruption. To prevent and respond to ransomware attacks, we need to improve our security posture, resilience, and readiness, as well as our cooperation and coordination with other stakeholders. Ransomware is not a problem that any single entity or sector can solve; it takes a collective effort from the whole of society.