The total amount of crypto criminals were able to steal through ransomware attacks is set to drop by 40% in 2022.
According to the latest report from Chainalysis, ransomware attackers extorted at least $457 million in cryptocurrency from victims last year. This figure represents a substantial decline from the $766 million a year earlier, a decline of some 40.3%. The report attributed the decline to a pair of factors, greater exposure to paying victims and enhanced cyber security measures.
decline in cyber crime
One of the reasons victims have been unable to pay is because there is now a great risk in doing so. In September 2021, the US Office of Foreign Assets Control issued an advisory on the possibility of sanctions violations when paying the ransom. Since then, the huge legal threat posed by paying the ransom has deterred many victims from even trying.
“With the looming threat of sanctions, there is the added risk of legal consequences for paying [ransomware attackers],” said Recorded Future Intelligence analyst and ransomware expert Alan Liska. Bill Siegel, CEO and co-founder of ransomware incident response firm Covware, agreed, saying that his firm has declined to pay ransoms even if there is even an indication of a connection to a sanctioned entity.
Another reason victims pay less is that many potential targets have put in place reasonable security measures. In addition to making advances in cyber security, many of these firms have also enhanced their data backup procedures. These security measures are largely taken into account because of the demands of the cyber insurance firms.
“Today, companies have to beef up backup measures in order to insure for rigorous cyber security and ransomware coverage,” said one expert. “These requirements have proven to actively help companies bounce back from attacks rather than paying ransom demands.”
10,000 strains and associated overlap
Despite the decline in revenue, the report noted that the number of unique ransomware strains in operation increased significantly last year. According to research by cyber security firm Fortinet, there were more than 10,000 unique strains active in the first half of 2022.
While on-chain data confirms that the number of active strains has increased significantly in recent years, the vast majority of ransomware revenue goes to a small group of strains.
The report also highlights a common practice known as affiliate overlap. Most ransomware strains operate as ransomware-as-a-service (RaaS), essentially being rented out to affiliates for a fee.
The report found that these affiliates would often use several different strains at the same time. As a result, multiple attacks attributed to several different strains may actually be perpetrated by the same collaborator.
disclaimer
BeInCrypto has reached out to the company or individual involved in the story for an official statement regarding the recent developments, but has not yet received a response.