Why do ransomware gangs make so much money?


For many organizations and startups, 2023 was a tough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record year in terms of profits, if recent reports are to be believed.

This is hardly surprising when you look at the state of the ransomware landscape. Over the past year, hackers have continued to evolve their tactics to become more brutal and extreme in their efforts to pressure victims into paying their increasingly exorbitant ransom demands. This tactical escalation, along with the failure of governments to ban the payment of ransoms, has made 2023 the most lucrative year yet for ransomware gangs.

A billion-dollar cybercrime business

According to new data from crypto-crime startup Chainalysis, known ransomware payments nearly doubled in 2023 to surpass the $1 billion mark, with the company calling the year a “major comeback for ransomware.”

This is the highest figure ever, and almost double the amount of known ransom payments recorded in 2022. But Chainalysis said the real figure is likely much higher than the $1.1 billion in ransom payments that it has witnessed so far.

There is, however, a glimmer of good news. While 2023 was overall an exceptional year for ransomware gangs, other hacker-watchers observed a drop in payments towards the end of the year.

This decline is the result of improving cyber defenses and resilience, as well as a growing sense that most victim organizations do not trust hackers to deliver on their promises or delete stolen data as they claim. “This made it possible to better guide victims and reduce payments for intangible insurance,” according to ransomware remediation company Coveware.

Record ransoms

As more ransomware victims refuse to line hackers’ pockets, ransomware gangs are making up for this drop in revenue by increasing the number of victims they target.

Take the MOVEit campaign. The massive hack saw the prolific Russia-linked Clop ransomware gang mass-exploit a never-before-seen vulnerability in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victim organizations. Many victims are known to have paid the hacking group to prevent the publication of sensitive data.

While it’s impossible to know exactly how much money the massive hack made for the ransomware group, Chainalysis said in its report that Clop’s MOVEit campaign collected more than $100 million in ransom payments and accounted for nearly half of the entire value of ransomware received in June and July 2023, at the height of this mass hack.

MOVEit was by no means the only money-making campaign of 2023.

In September, the casino and entertainment giant Caesars paid around $15 million to hackers to prevent the disclosure of customer data stolen during a cyberattack in August.

This multimillion-dollar payment perhaps illustrates why ransomware perpetrators continue to make so much money: the Caesars attack barely made headlines, while a subsequent attack on hotel giant MGM Resorts, which has so far cost the company $100 million to recover from, dominated headlines for weeks. MGM’s refusal to pay the ransom led the hackers to disclose sensitive MGM customer data, including names, social security numbers and passport details. Caesars, at least outwardly, appeared largely unscathed, although by its own admission it could not guarantee that the ransomware group would delete the stolen company data.

Threat escalation

For many organizations, like Caesars, paying the demanded ransom seems like the easiest option to avoid a public relations nightmare. But as ransom money dries up, ransomware and extortion gangs are upping the ante and resorting to escalating, extreme tactics and threats.

In December, for example, hackers reportedly tried to pressure a cancer hospital into paying a ransom demand by threatening to “swat” its patients. Swatting incidents rely on malicious callers falsely claiming there is a real threat to life, triggering the response of armed police officers.

We also saw the notorious Alphv ransomware gang (also known as BlackCat) weaponize the US government’s new data breach disclosure rules against MeridianLink, one of the gang’s many victims. Alphv accused MeridianLink of allegedly failing to publicly disclose what the gang called “a significant breach compromising customer data and operational information,” for which the gang took credit.

No ban on paying ransoms

Another reason why ransomware continues to be lucrative for hackers is that, although it is not advisable, there is nothing stopping organizations from paying up – unless, of course, the hackers have been sanctioned.

To pay or not to pay the ransom is a controversial subject. Ransomware remediation firm Coveware suggests that if a ban on ransom payments were imposed in the United States or any other heavily victimized country, companies would likely stop reporting such incidents to authorities, thereby undoing past cooperation between victims and law enforcement. The company also predicts that a ban on ransom payments would result in the overnight creation of a large illegal market facilitating ransomware payments.

Others, however, believe that a blanket ban is the only way to ensure that hackers cannot continue to enrich themselves – at least in the short term.

Allan Liska, threat intelligence analyst at Recorded Future, has long opposed banning ransom payments, but now believes that as long as ransom payments remain legal, cybercriminals will do everything they can to get them.

“I have resisted the idea of a blanket ban on ransom payments for years, but I think that needs to change,” Liska told TechCrunch. “Ransomware is getting worse, not only in terms of the number of attacks, but also in terms of the aggressive nature of the attacks and the groups behind them.”

“A ban on ransom payments will be painful and, if history is to be believed, will likely lead to a short-term increase in ransomware attacks, but it appears to be the only solution that has any chance of long-term success in this area,” Liska said.

While more and more victims realize that paying hackers cannot guarantee the security of their data, it is clear that these money-motivated cybercriminals won’t be giving up their lavish lifestyle anytime soon. Until then, ransomware attacks will remain a major lucrative business for the hackers behind them.
