cryptoslate.com
Funds collected by ransomware attacks fell to $456.8 million in 2022 from a high of $765.6 million in 2021, according to a new report from analytics firm Chainalysis.
Crypto-related ransomware attacks have seen a steep fall in success rate over the last 12 months.
Crypto ransomware activity
The chart below shows the rise and fall of funds acquired through ransomware attacks over the past 6 years. A dramatic increase was seen in 2020 as stolen funds hit $765 million, with 2021 seeing similar amounts stolen by bad actors.
While the Chainalysis report recognized that “the true totals are much higher” as it is likely that there are addresses owned by ransomware attackers that have not yet been identified, the fall indicates victims are becoming wise to such attacks. As a result, Chainalysis made a statement supporting this sentiment.
“[Ransomware payments falling] doesn’t mean attacks are down… We believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.”
Ransomware Strains explode
Although payments to remove ransomware have fallen dramatically, the number of ransomware strains exploded in 2022. A strain is a type of ransomware with common variants: Royal, Ragnar, Quantum, Play, Hive, and Lockbit.
Fortinet, a leading cybersecurity hardware and software company, reported over 10,000 unique strains active throughout 2022.
Strains have a decreasing lifespan as bad actors continue to vary attack vectors to optimize the volume of stolen funds. For example, in 2012, strains lasted 3,907 days, while in 2022, the average length was just 70 days. As a result, cybersecurity solutions must keep up with an increasing number of active strains in their defense strategy.
Ransomware funds
Funds acquired through ransomware attacks are laundered through several avenues. The majority of funds are still sent to popular centralized exchanges. However, P2P exchanges, a popular solution for ransomware attackers in 2018, now make up a tiny percentage of the overall volume.
After centralized exchanges, a persistent method of laundering funds is using darknet markets designated as ‘illicit’ in the Chainalysis chart below. Finally, mixing services make up the next most significant portion, allowing attackers to ‘wash’ crypto with little recourse from global authorities.
"