BlocksInform
The total number of cryptocurrency criminals have been able to fly thanks to ransomware attacks fell by 40% in 2022.
Ransomware attackers extorted at least $457 million of victims' cryptocurrency last year, according to chainalysis's latest. This represents a significant decrease from the $766 million in the previous year, a decrease of approximately 40.3 per cent. The report attributed this decrease to two factors, the increased risk for victims to pay, and improvements in cybersecurity measures.
Online crime is on the decline.
One of the reasons why victims were not able to pay is because the risk is greater. In Sept. 2021, the U.S. Office of Foreign Assets Control issued an advisory on the potential for sanctions violations when paying ransoms. Since then, the biggest legal threat of ransom payment has deterred many victims from even attempting to do so.
"with the threat of sanctions, there is the additional threat of legal consequences to pay [ransomware attackers]," said the analyst of recorded intelligence and ransomware expert allan liska. Bill Siegel, CEO and co-founder of ransomware incident response firm Coveware agreed, saying his firm refused to pay ransoms if there’s even a hint of connection to a sanctioned entity.
Another reason victims have been paying less is because many prospective targets have taken the appropriate security measures. As well as making progress on cybersecurity, many of these companies have also strengthened their data back-up processes. These security measures were taken in large part because of requests from cyber insurance companies.
"Today, businesses need to comply with strict cybersecurity and safeguards to be assured for ransomware coverage," said an expert. 'These requirements have been proven to actively help businesses rebound from attacks instead of paying ransom demands.”
10,000 Strains and Affiliate Overlap
Despite declining revenues, the report noted that the number of single strains of ransomware in operation has increased significantly over the past year. According to research by the fortinet cybersecurity company, more than 10,000 single strains were active in the first half of 2022.
While chain data confirm that there has been a significant increase in the number of active strains in recent years, the vast majority of ransomware revenues are allocated to a small group of strains.
The report also highlighted a common practice which it had found to be referred to as affiliate overlap. Most ransomware strains function as a ransomware-as-a-service (raas), mostly rented to affiliates at a cost.
The report found that these subsidiaries often use multiple different strains simultaneously. As a result, many attacks attributed to multiple different strains may actually have been carried out by the same affiliates.
