Ransom refusals hit attackers where it hurts: 40% revenue drop in 2022 — Chainalysis

cointelegraph.com:

Ransomware victims have seemingly had enough of the extortion, with ransomware revenues for attackers plummeting 40% to $456.8 million in 2022.

Blockchain intelligence firm Chainalysis shared the data in a Jan. 19 report, noting that the figures don’t necessarily mean the number of attacks is down from the previous year.

Instead, Chainalysis noted that companies have been forced to tighten cybersecurity measures, while ransom victims have been increasingly unwilling to pay attackers their demands.

The findings formed part of Chainalysis’ 2023 Crypto Crime Report. Last year, revenue from ransomware was a whopping $602 million at the time of the 2022 report, which was later tipped up to $766 million when additional cryptocurrency wallet addresses were identified.

Chainalysis added that the nature of blockchain means that attackers are having an increasingly hard time getting away with it:

Interestingly, ransomware attackers resorted to centralized cryptocurrency exchanges 48.3% of the time when reallocating the funds — up from 2021’s figure of 39.3%.

Chainalysis also noted that mixer protocols such as the now OFAC-sanctioned Tornado Cash, increased from 11.6% to 15.0% in 2022.

On the other hand, fund transfers “high-risk” cryptocurrency exchanges fell from 10.9% to 6.7%.

In insights shared with Chainalysis, threat intelligence analyst Allan Liska of Recorded Future said that the United States Office of Foreign Assets Control’s (OFAC) advisory statement in September 2021 may partly account for the revenue fall:

A statistical analysis carried out by Bill Siegel, CEO of ransomware incident response firm Coveware also suggested ransomware victims are becoming less reluctant to pay up:

Cybersecurity insurance firms are also tightening