“Crypto Crime Report 2024”
Cyber attacks with blackmail software: Perpetrators steal more than a billion euros in ransom worldwide
In a “ransomware” attack, the victims are usually first spied on by cybercriminals
© Sebastian Gollnow / DPA
Attacks using encryption software are a lucrative business for cybercriminals. An analysis firm has recorded a record number of ransoms paid in 2023.
Last year, for the first time, the victims of cyber attacks with blackmail software received more than the equivalent of one billion euros Ransom paid. This emerges from the “Crypto Crime Report 2024” from the analysis company Chainalysis. The damage caused by this “ransomware” is even greater. The report only captures ransom payments made, but does not capture the economic impact of lost productivity and repair costs associated with attacks.
In a “ransomware” attack, the victims are usually first spied on by cybercriminals. The victims’ IT systems are then encrypted and decryption is only promised upon payment of a ransom. Increasingly, threats are being made to publish previously stolen data in order to put additional pressure on the victims. Cybercriminals make their ransom demands almost exclusively in Bitcoin because they expect the cryptocurrency to provide extensive anonymity. However, all transactions in the distributed Bitcoin database (“blockchain”) are publicly viewable.
Chainalysis explained that many victims have now refused to respond to the ransom demands. The entertainment and casino group MGM did not pay a ransom after a “ransomware” attack, but suffered estimated damage of over $100 million.
Ransom amount continues to increase
According to Chainalysis, the total ransom amount of the equivalent of 1.1 billion dollars (1.01 billion euros) is based on a “conservative estimate”. Currently, the “ransomware” landscape is constantly expanding, making it difficult to monitor every incident or track all ransom payments made in cryptocurrencies. The ransom amount will likely increase if new suspicious Bitcoin addresses are discovered over time.
For 2022, Chainalysis was only able to determine a ransom amount of $567 million, while in 2021 at least $983 million flowed to the blackmailers. The interim decline in 2022 is probably due to geopolitical events such as Russia’s attack on Ukraine. “This conflict has not only disrupted the operations of some cyber actors, but also shifted their focus from financial gain to politically motivated cyber attacks aimed at espionage and destruction.”
Despite the increase in ransom payments related to extortion software, Chainalysis’ report shows a sharp decline in other criminal crypto transactions. In 2023, the value received from illegal cryptocurrency addresses fell significantly and totaled the equivalent of $24.2 billion. For 2022, Chainalysis identified illegal value transactions worth the equivalent of $39.6 billion.
The total criminal crypto transactions identified includes assets sent to addresses that Chainalysis has identified as illegal. Additionally, stolen assets in crypto hacking attacks were taken into account. However, the criminal crypto transactions worth $24.3 billion only accounted for 0.34 percent of the total transfer volume on the observed blockchains.