Global ransomware payments topped $1B last year with Russia-based groups blamed for a resurgence in attacks as they stop focusing on Ukraine

pcgamer.com:

The bad guys behind ransomware attacks clocked up over $1.1 billion in extorted winnings in 2023. So says Chainalysis, a blockchain data specialist with a particular interest in the subject given ransom payments are typically made in cryptocurrency.

News of 2023's peak could come as something of a surprise given that 2022 saw a significant dip in ransomware revenues, again according to Chainalysis. It estimates $567 million in payments in 2022, down from $983 million in 2021.

However, if you peruse Chainalysis reasoning for the 2022 dip, the resurgence of ransomware in 2023 makes sense. It's thought one major reason for the 2022 downturn was the war in Ukraine.

Put simply, the bad guy's were distracted away from generating cash for themselves in favour of politically motivated attacks in support of the Russian regime. In early 2022, for instance, the Russia-based ransomware group Conti reportedly issued a blog post expressing support for Putin's so-called special military operation and promising to strike at Russia's enemies with "all possible resources." 

Another factor in 2022's dip was the FBI's success in infiltrating ransomware group Hive. Chainalysis estimates that through the recovery of decryption keys and other knock-on effects, over $200 million in payments were likely averted.

But as the war in Ukraine has shifted from acute conflict to attritional slog, it seems Russian ransomware operatives have found time to get back to their usual fare of ripping off as many people and companies as possible.

The increase in the use of zero-day exploits is also said to be a factor in 2023's huge uptick in ransomware revenues. Chainalysis says they're particularly effective not only because the inherent vulnerabilities they present, but also because the victims may not use the compromised devices or software themselves.

«Zero-day exploits can be even more damaging if they affect software that is ubiquitous but not well-known to end users who are the ultimate victims of