Chainalysis Reveals Record-Breaking $1 Billion in Ransomware Payments in 2023

Ransomware made a comeback in 2023  – with record-breaking payments and a substantial increase in the scope and complexity of attacks – marking a drastic shift from the decline observed in 2022.

According to the Chainalysis report shared with CryptoPotato, ransomware payments in 2023 exceeded $1 billion, reaching an all-time high. Despite a decrease in ransomware payments in 2022, the overall trend from 2019 to 2023 indicates a growing problem.

The blockchain data platform acknowledged that this figure doesn’t cover the full economic impact, including productivity loss and repair expenses incurred by victims.

Chainalysis: Ransomware Resurges in 2023

Chainalysis revealed that 2022 was an anomaly and not a trend. Various factors, such as geopolitical events like the Russian-Ukrainian conflict, likely contributed to the decline in ransomware activities in 2022. However, 2023 witnessed a significant escalation in the frequency, scale, and volume of ransomware attacks.

These attacks were carried out by diverse actors, ranging from large syndicates to smaller groups and individuals, with experts noting an increase in their numbers.

The rise of Initial Access Brokers (IABs) has facilitated ransomware attacks by providing access to networks, which they then sell to ransomware attackers for a relatively low cost. Chainalysis discovered a correlation between funds flowing into IAB wallets and an increase in ransomware payments, suggesting that monitoring IABs could offer early indicators for potential intervention and mitigation of attacks.

The combination of IABs and readily available Ransomware-as-a-Service (RaaS) platforms has lowered the technical barrier for conducting successful ransomware attacks, according to the findings of the on-chain sleuth firm.

Where Do Ransomware Funds Go?

Centralized exchanges and mixers have consistently represented a substantial share of transactions, suggesting they are preferred methods for laundering ransomware payments.

Regarding the destination of ransomware funds, centralized exchanges and mixers have consistently been preferred for laundering payments. However, new services for laundering, such as bridges, instant exchangers, and gambling services, gained traction in 2023.

This shift is attributed to takedowns disrupting traditional laundering methods, stricter Anti-Money Laundering/Know Your Customer (AML/KYC) policies by some services, and the unique preferences of new ransomware actors.

Chainalysis observed significant concentration in the specific services within each category that ransomware actors turn to for laundering.

The firm identified significant concentration in specific services within each laundering category favored by ransomware actors. Exchanges showed the least concentration, while gambling services, cross-chain bridges, and sanctioned entities exhibited the highest levels of concentration.

Mixers, no-KYC exchanges, and underground exchanges fell in the middle, with approximately half of all funds from ransomware wallets flowing into one service within each category.