Annual Ransomware Payments Surpass $1 Billion

For the first time, analysis of ransomware payments made in a single year tops $1,000,000,000. This signals a massive return to more frequent, sophisticated, and successful attacks.

Each year, blockchain analysis company Chainalysis reports on ransomware payments based on the payments made to digital wallets known to belong to cybercriminals and cybercriminal gangs.

In 2021, ransomware payments totaled $983 million, with 2022 seeing a massive drop in payments down to just $567 million. But 2023’s topping of the $1 billion mark signifies that ransomware attacks are back and in full swing. I should note that Chainalysis is only tracking ransomware payments; the $1 billion number does not reflect the cost of damages from these attacks, just the amounts paid to ransomware gangs and their affiliates.

I found the following chart very insightful. It maps out the ransomware strains by payment size and payment frequency:


Source: Chainalysis

Like a Gartner Magic Quadrant, the “winners” are in the upper-right, where the largest payments have been made the highest number of times. Alphv (Blackcat) is the clear leader on this list, despite being number 2 for the last few quarters in Coveware’s Quarterly Ransomware reports.

Putting aside specifically those in the upper-right and looking at the chart as a whole, you get a much better picture of just how many gangs there are overall and just how many of them are seeing six- and seven-figure payoffs (lower-right) regardless of the attack frequency.

In other words, ransomware is and will continue to be a very costly problem for organizations. Strong security controls are the only way to avoid paying a ransom. These additional security measures include new-school security awareness training to prevent attacks so you don’t find yourself in the “to pay or not to pay” position. 

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks, taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever.

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

  • How to detect ransomware programs, even those that are highly stealthy 
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware
