
Ransomware payments surged past the $1 billion mark in 2023, setting a new record, according to a new report from blockchain analysis firm Chainalysis.

A diverse range of entities, including large syndicates, smaller groups, and individual perpetrators, executed ransomware attacks in 2023, the report said.

“A major thing we’re seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks,” Allan Liska, Threat Intelligence Analyst at the cybersecurity firm Recorded Future, said. The firm identified 538 new ransomware variants in 2023, indicating the emergence of new, independent ransomware groups.

Dark web marketplaces also experienced a surge in 2023, raking in $1.7 billion, Chainalysis said. The rebound comes after a sharp decline in cybercriminal revenue following the shutdown of Hydra in 2022. Hydra was a popular darknet market, which had “over 90% of all darknet market revenue at its peak.”

“Ransomware and darknet markets... are two of the most prominent forms of crypto crime that saw revenues rise in 2023, in contrast with overall trends,” the report said.

Resurgence of Ransomware and Darknet Markets

The resurgence of ransomware signals a disturbing trend, especially after a decline in ransomware activity in 2022. The report includes a chart showing ALPHV/Blackcat, Cl0p, and Blackbasta among the top ransomware strains by revenue in 2023.

High-profile ransomware attacks — like the attack that exploited the MOVEit software — left major entities such as the BBC and British Airways grappling with unprecedented security breaches, the report said.

Furthermore, in 2023, the darknet market landscape saw an unprecedented level of segmentation and role specialization, with platforms diversifying beyond traditional offerings to cater to niche demands. Last year marked a departure from a one-size-fits-all market approach to specialized services that address specific illicit needs, including cybercrime tools and specialized drug trade operations.

Innovations in operational efficiency saw the adoption of crypto payment processors like UAPS, coupled with bold cybercriminal marketing strategies in Russia. These marketing strategies include immersive 3D billboards and QR code advertisements on public transport and in public places, marking a new era in darknet market promotion, the report revealed.

“And, perhaps the most aggressive marketing stunt the darknet market ecosystem has seen yet, in December of [2022], Kraken Market wrapped a bus in an advertisement that included a QR code for the market’s website. The bus blocked two traffic lanes on a road near Russia’s Ministry of Foreign Affairs before security forces removed it an hour later,” Chainalysis said.

Cryptocurrency Scams Fell Significantly in 2023 But Still Represent a Threat

Besides ransomware and darknet markets, 2023 also witnessed a notable evolution in cryptocurrency scams. Although losses amounted to at least $4.6 billion, “scamming is down” overall, the report said.

“Crypto scamming and hacking revenue both fell significantly in 2023, with total illicit revenue for each down 29.2% and 54.3%, respectively,” the report explained.

On the other hand, there was a dramatic increase in romance scams, with cybercriminals more than doubling their revenue compared to the previous year. This rise is particularly alarming, considering the emotional and financial toll on victims, making it one of the most impactful forms of cryptocurrency fraud.

Furthermore, “approval phishing” scams have become increasingly sophisticated, targeting individuals with personalized tactics that have led to significant financial losses. Chainalysis identified a network of 1,013 addresses involved in these scams, highlighting the scale and complexity of the issue, with estimated losses reaching approximately $1.0 billion since May 2021.

“... in an approval phishing scam, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s address of those tokens at will. Some victims have lost tens of millions to these scams,” the report said.
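As an added example (not from the Chainalysis report or this article), here is a pre-signing check that decodes transaction calldata and flags the kind of spending approval described above. It assumes ERC-20/ERC-721 style approval functions, which the article does not name; `inspect_calldata`, the trusted-spender list and the risk labels are hypothetical.

```python
# Added illustration. Assumes ERC-20 / ERC-721 style approval calls; the
# article does not name a token standard. Names and labels are hypothetical.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 1 << 255  # amounts this large are effectively "spend everything"


def inspect_calldata(calldata_hex, trusted_spenders):
    """Describe the spending approval a transaction would grant.

    Returns None when the call is not a recognised approval function.
    Raises ValueError when the hex or the approval arguments are malformed.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    raw = bytes.fromhex(data)              # ValueError on non-hex input
    name = APPROVAL_SELECTORS.get(raw[:4].hex())
    if name is None:
        return None
    args = raw[4:]
    if len(args) < 64:                     # two 32-byte ABI words expected
        raise ValueError("approval call is missing arguments")
    word1 = int.from_bytes(args[:32], "big")    # spender / operator
    word2 = int.from_bytes(args[32:64], "big")  # amount, or bool for ...ForAll
    if word1 >> 160:
        raise ValueError("spender is not a 20-byte address")
    spender = "0x%040x" % word1
    trusted = spender in {s.lower() for s in trusted_spenders}
    no_grant = word2 == 0                  # revocation or zero amount
    blanket = name.startswith("setApprovalForAll") or word2 >= UNLIMITED
    if no_grant:
        risk = "none: grants no spending rights"
    elif trusted:
        risk = "known spender"
    elif blanket:
        risk = "high: unlimited approval to unknown spender"
    else:
        risk = "review: approval to unknown spender"
    return {"function": name, "spender": spender, "amount": word2,
            "unlimited": blanket and not no_grant, "risk": risk}
```

A wallet front end or transaction-review script would call this on the calldata of a pending request and refuse, or demand explicit confirmation, for anything labelled high.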

The report also highlighted the prevalence of “pig butchering” scams, where fraudsters “often communicate addresses to victims in one-to-one communication channels like text” that are “difficult for blockchain analysts to identify...”

Chainalysis said the human cost of these scams does not fall solely on victims. The report described the terrible conditions that scammers at KK Park in Myanmar, a notorious pig butchering compound, have to live through.

“They’re forced to work 12 or more hours per day, and if they don’t meet quotas on contacting potential scam victims, the gangs beat them, torture them, and even withhold food,” Eric Heintz, Global Analyst at the Global Fusion Center of the International Justice Mission, said.

Safety Recommendations

Wondering how to protect yourself or your organization from crypto scams and ransomware attacks? Here are some security tips:

For netizens:

  • Use multi-factor authentication (MFA) to prevent unauthorized access to your accounts.
  • Always verify the authenticity of requests for personal or financial information, especially those sent via email or messaging apps.
  • Install reputable antivirus and anti-malware software. This can help protect your devices from malicious software that could be part of ransomware attacks or scams exploiting zero-day vulnerabilities.

For organizations:

  • Educate your employees about the latest cybersecurity threats. Since ransomware often starts with social engineering attacks, a well-informed workforce can act as the first line of defense.
  • Use firewalls, intrusion detection systems, and regular penetration testing to protect your network. Segmenting your network can also prevent the spread of ransomware if an attack occurs.
  • Ensure that all critical data is backed up in a secure and separate location. Regularly test your backup and recovery procedures to minimize downtime and data loss in the event of a ransomware attack.
