Ransomware had a ‘watershed’ 2023 after crossing record $1bn

8 Feb 2024

Image: © aLListar/peopleimages.com/Stock.adobe.com

The most prominent ransomware attacks carried out last year related to the ubiquitous Moveit file transfer software, which helped criminals reach the milestone.

Ransomware payments in cryptocurrencies reached an all-time high last year after crossing the $1bn mark for the first time.

This is according to latest figures from Chainalysis, a blockchain analysis firm based in New York, which described 2023 as a “watershed year” for ransomware.

It comes after a brief decline in ransomware payments volume in 2022, when the figure dropped from $983m in 2021 to $567m. Last year, crypto payments made to ransomware criminals amounted to $1.1bn.

“Although 2022 saw a decline in ransomware payment volume, the overall trend line from 2019 to 2023 indicates that ransomware is an escalating problem,” Chainalysis wrote in a blog published yesterday (7 February).

“Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks.”

The firm gave the example of the attack on MGM Resorts by ALPHV-BlackCat and Scattered Spider last year, which led the hospitality giant to shut down its IT systems. While MGM did not pay a ransom, it incurred an estimate cost of more than $100m in damages.

Chainalysis said that the global ransomware landscape is not only “prolific” but also “continually expanding”, making it difficult to monitor every cyberattack and trace any crypto payments made as a result.

“It is important to recognise that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time,” the firm wrote.

“For instance, our initial reporting for 2022 in last year’s crime report showed $457m in ransoms, but this figure has since been revised upward by 24.1pc.”

Firms didn’t like to Moveit

The most prominent ransomware attacks carried out last year related to the ubiquitous Moveit file transfer software, which Chainalysis said helped criminals reach the latest payment milestone.

First reported in May last year, the global Moveit breach, in which hackers exploited a zero-day vulnerability in the file transfer software, affected companies and government agencies on both sides of the Atlantic, including banks, universities, insurance and healthcare providers.

In July, the hack hit closer to home, after Dublin Airport became the latest victim of the cyberattack.

Pay and benefits information of some Dublin Airport employees was compromised in a third-party cyberattack affecting Aon, airport management company DAA confirmed to SiliconRepublic.com at the time.

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site, which was also responsible for the GoAnywhere MFT attack.

A Hiscox Cyber Readiness Report published in October last year showed that Irish firms were more likely to pay a ransom than their European neighbours.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com