Victims of Ransomware Attacks Refusing to Pay: Chainalysis
- Chainalysis stated that ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million in 2021.
- “Much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers,” said the blockchain firm.
- Most of the funds made from the attacks were sent to major centralized exchanges as the usage of DEXs has fallen sharply.
- The lifespan of a strain also dropped with the average strain remaining active for 70 days in 2022 down from 153 in 2021 and 265 in 2020.
2022 was one of the most active years for hackers and fraudsters in the crypto industry, including ransomware attackers. These attackers use a type of software, which is actually malware from cryptovirology, that completely cuts off a user’s access to their personal data or threatens to reveal that data publicly if a ransom is not paid. Interestingly, the revenue of such attackers now continues to decline as victims have started refusing to pay them.
According to a new blog post from blockchain data firm Chainalysis, “Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.” This positive shift in the trend confirms the fact that victims are no longer afraid of such attackers after regulators have become increasingly active in the crypto industry, cracking down on all the developers who use their skills for bad purposes.
Chainalysis also stated that the values it has found are not true and that there are still addresses of ransomware attackers that are yet to be identified. However, the blockchain data firm noted that the money made from such attacks is significantly down. As per the firm’s belief, “much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”
On the other hand, Chainalysis has reported a substantial growth in the number of ransomware strains in 2022 and also cited a report by cybersecurity firm Fortinet, which claimed that more than 10,000 strains of ransomware were active in the first half of 2022. Interestingly, Chainalysis said that “on-chain data confirms that the number of active strains has grown significantly in recent years, but the vast majority of ransomware revenue goes to a small group of strains at any given time.”
Moreover, the lifespan of ransomware also continued to drop in 2022, and the average strain remained active for over 70 days, which is more than 50% down from 153 days in 2021 and 265 in 2020. Interestingly, the blockchain firm also confirmed that the funds made via these activities are mostly transferred to major centralized crypto exchanges.
“The share of ransomware funds going to mainstream exchanges grew from 39.3% in 2021 to 48.3% in 2022, while the share going to high-risk exchanges fell from 10.9% to 6.7%. Usage of illicit services such as darknet markets for ransomware money laundering also decreased, while mixer usage increased from 11.6% to 15.0%,” said Chainalysis.
Chainalysis also stated that most of the time, these malwares function as a ransomware-as-a-service (RaaS) model, i.e., the developer allows the attackers to use their software for a small cut of the revenue. Additionally, as reported earlier by Bitnation, the American multinational technology corporation Microsoft, has detected an attack called DEV-013 that is specifically targeting crypto startups.