New Illicit Cryptocurrency Report A Mixed Bag - Ransomware Still Breaking Records

Every year, Chainalysis publishes its crypto crime report, which focuses on tracking illicit cryptocurrency flows associated with cybercrime. Every year it makes for exciting reading, and 2023 is no different.


In summary, ransomware payments are up, but cryptocurrency payments related to other forms of cybercrime have experienced a steep decline.

Chainalysis researchers were quick to point out that they did not include data from the various crypto scandals that occurred in 2022, one of which is the FTX scandal involving Sam Bankman-Fried, which is currently before US courts.

Their reasoning is twofold. First, many of these cases are still before the courts, so illegality still needs to be determined. Second, there is considerable debate as to whether these scandals amount to cryptocurrency crimes or to more traditional crimes, like fraud, that use cryptocurrency as the vehicle to acquire fiat currency.

Illicit transactions did rise for the year 2022 to approximately 20.6 billion USD. This is also a lower-bound estimate, with the actual figure likely being much higher. Interestingly, despite the downturn in the crypto market, there was still an increase in transaction volume over the previous year.

Researchers noted:

It’s also worth keeping in mind that 43% of 2022’s illicit transaction volume came from activity associated with sanctioned entities, in a year when OFAC launched some of its most ambitious and difficult-to-enforce crypto sanctions yet. Crypto exchange Garantex, which accounted for the majority of sanctions-related transaction volume last year, is a great example. OFAC sanctioned Garantex in April 2022, but as a Russia-based business, the exchange has been able to continue operating with impunity. Transactions associated with Garantex or any other sanctioned crypto service represent, at the very least, substantial compliance risk for businesses that are subject to U.S. jurisdiction, including fines and potential criminal charges.

As alluded to above, many types of cybercrime saw their volumes decline year on year in 2022. Crimes like hacks, scams, malware, abuse material sales, fraud shops, and darknet market revenue declined steeply.

Only ransomware witnessed an increase. As to why some cybercrimes may have declined, researchers suggested the following:

The market downturn may be one reason for this. We’ve found in the past that crypto scams, for instance, take in less revenue during bear markets, likely because users are more pessimistic and less likely to believe a scam’s promises of high returns at times when asset prices are declining. In general, less money in crypto overall tends to correlate with less money associated with crypto crime.

Ransomware Spotlight

Unfortunately, ransomware payments in 2023 are on pace for their second-biggest year ever, with attackers having extorted at least 449.1 million USD through to June of this year. The numbers presented by Chainalysis show that the cumulative yearly ransomware revenue for 2023 has reached 90% of the 2022 total figure, and that's just in the first half of the year.

If the revenue growth pace is maintained at that level, ransomware actors will make just short of 900 million USD from victims in 2023. This is just below 2021's record figure of 940 million USD.

Researchers believe that the big game hunting trend, targeting large corporations with perceived cash to burn, is the driving force behind this steep revenue rise, as cybercriminals have returned to targeting large organizations that can be extorted for large sums of money.

While the current data for 2023 is concerning, 2022 did bring the public some good news concerning ransomware payments. Ransomware threat actors managed to extort at least 456.8 million USD from victims in 2022, down from 765.6 million USD the year before.

The possible reason provided is that victims, in many cases, are refusing to pay ransom demands. This is a safe assumption as, based on their data, ransomware attacks themselves were not significantly down over 2021.

To further support this claim, the number of unique ransomware variants exploded in 2022, with Fortinet noting that over 10,000 unique strains were active in the first half of 2022.

Researchers went on to state:

Based on the data available to us now, we estimate that 2022’s total ransomware revenue fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%. However, the evidence suggests that this is due to victims’ increasing unwillingness to pay ransomware attackers rather than a decline in the actual number of attacks.

However, it should be noted that organizations should not pop the champagne just yet, as 2023 is on course to be a near-record year. As data analysis on this scale takes some time, we likely only have some idea as to why 2023 is proving to be such a bumper year for ransomware threat actors.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
