Ransom money: Despite significant changes in the evolving cybersecurity landscape, the ransomware threat continues to generate hundreds of millions of dollars every year. The most notorious "crews" exploit every avenue to maximize their returns, while victims are not as willing to pay the ransom as they were in the past few years.

Chainalysis has just released its latest report on the ransomware business in 2023. According to data analyzed by the "blockchain data platform" company, ransomware actors intensified their operations, choosing their targets among "high-profile" organizations and critical infrastructures, including hospitals, schools, and government agencies.

Last year was a "watershed year" for ransomware, according to Chainalysis' report. Ransomware payments surpassed the $1 billion mark for the first time, while in 2022, the company recorded a sharp decline in illegal revenues to $567 million. The new results confirm that ransomware is an "escalating problem," and 2022 was an anomaly. However, everything is changing, and cybercriminals have to adapt their malicious strategies accordingly.

The most prolific groups, in terms of revenues, included Alphv/Blackcat, Clop, Play, LockBit, BlackBasta, Royal, Ransomhouse, and Dark Angels. Despite being among the most successful online crime operations discovered in 2023, these cyber gangs achieved their remarkable results by employing different operational strategies.

LockBit had a moderate median payment size and frequency of ransom requests, as Chainalysis data reveals, resulting in a larger total money inflow. Clop and Dark Angels continued by imposing higher ransom requests with a lower payment frequency, while Blackcat exhibited a high frequency and median payment size, contributing to a significant ransom inflow. Phobos experienced the highest frequency of ransom payments but the lowest median amount.

Some ransomware strains, like Clop, have fully adopted a "big game hunting" strategy, as explained by Chainalysis. Criminals have focused on a lower number of attacks with larger payment requests. The Clop gang was also able to exploit zero-day vulnerabilities to try to extort many large organizations en masse, while other ransomware operations increased the attack frequency to compensate for the significant decline in ransom payments.

Chainalysis confirms that an increasing number of ransomware victims are refusing to pay up, opting for different approaches to deal with data exfiltration attacks and other cybercrime threats. Meanwhile, law enforcement agencies have increased their actions against mixing services, underground exchanges, and other middleman operations, where most of the ransom money collected by criminals ends up.