Ransomware Gangs See Profits Crater As Cyber Insurance Policies And Governments Crack Down

This past July, we wrote about a report published by Coveware that found that the dollar value of the median ransomware payment was on a downward trajectory beginning in Q1 2022 and continuing in Q2 of the same year. However, we weren’t sure whether this decrease in the value of individual payments would be reflected in the total revenue collected by ransomware gangs, as a larger number of smaller ransomware payments could still result in the same or higher total revenue as before the decline. The possibility that ransomware gang revenues would stay static or increase seemed likely, given the doubling in the number of ransomware attacks each of the past two years. Fortunately, it seems that we may have been overly pessimistic about the state of ransomware, as the blockchain analysis firm Chainalysis has published findings from its upcoming 2023 Crypto Crime Report showing that ransomware gangs’ total revenue from collecting ransom payments has declined over the past year.

It’s standard practice for ransomware gangs to request that victims pay ransom fees in cryptocurrency. Once purchased and transferred to a private wallet, cryptocurrency can be easily transferred without interference from financial institutions, regulators, or law enforcement. However, because blockchains are publicly accessible virtual ledgers, it is relatively easy to trace cryptocurrency transactions, except in the case of a few privacy-preserving currencies designed to obscure transaction details. By analyzing transactions on blockchains, investigators, both public and private, can track payments made to ransomware gangs.

Chainalysis has been conducting this sort of analysis and publishing its findings for multiple years in a row, and the company’s latest findings show that ransomware revenue in 2022 fell 40.3% compared to 2021. According to the blockchain analysis company, ransomware gangs extorted at least $766 million from their victims in 2021, which is significantly higher than the $457 million in ransomware payments Chainalysis identified in 2022.

Ransomware revenue over time (source: Chainalysis)

As Chainalysis makes clear, the total revenue collected by ransomware gangs in each year is likely much higher than the numbers the company publishes, as Chainalysis can’t guarantee that it has identified all cryptocurrency addresses used by ransomware gangs. Since the publication of last year’s Crypto Crime Report, Chainalysis has attributed $164 million more in cryptocurrency transactions to ransomware payments in 2021. The total number for 2022 will almost definitely go up from where it is now as well. Nonetheless, given the significant delta between last year’s total and this year’s, Chainalysis still thinks there’s validity to the story its numbers tell, which is that ransomware revenue was down in 2022 compared to the two prior years. The company also consulted Michael Philips, Chief Claims Officer at the cyber insurance company Resilience, who told Chainalysis the cyber insurance industry is also seeing evidence that the number of successful ransomware extortion attempts has been lower than expected.

What, then, explains this decrease in ransomware revenue? Chainalysis called on the expertise of various cybersecurity professionals and researchers to help answer this question. According to Allan Liska at Recorded Future, the monitoring of ransomware gangs’ dedicated leak sites (DLS) indicates a 10.4% drop in ransomware attacks in 2022 compared to the prior year. However, this 10.4% decrease in the number of ransomware attacks doesn’t fully explain the 40.3% drop in revenue collected by ransomware gangs.

Numbers provided by Bill Siegel of Coveware suggest that much of the decrease in ransomware revenue is likely the result of a growing unwillingness among ransomware victims to pay ransom fees. Between 2019 and 2022, Coveware observed the likelihood that ransomware victims pay ransom fees decline significantly, from 76% to just 41%. To explain this decline in victims’ willingness to pay, the experts consulted by Chainalysis pointed to increasing requirements by cyber insurance companies and threats by the US government to impose legal consequences for violating sanctions by paying ransomware groups. The threat posed by ransomware and security breaches in general has driven companies to seek cyber insurance. At the same time, cyber insurance companies have pushed their clients not to pay ransom fees and instead implement and rely on comprehensive backup systems.

We’ll have to see how well the trend identified by Chainalysis holds up over time, but the situation in the cyber threat space may be looking up on the ransomware front.