This article is more than nine months old

Big game hunting is back: Ransomware gangs set for $900m haul this year

Big game hunting is back: Ransomware gangs set for $900m haul this year
While cybercriminals' crypto paydays are shrinking, ransomware gangs have increased their attacks on big businesses.
  • Ransomware heists and impersonation scams surged at the start of 2023.
  • Russia’s invasion of Ukraine diverted gangs last year, which could explain a lull in 2022.
  • However, crypto inflows into known illicit entities are down by 65%, according to a Chainalysis report.

Ransomware gangs are heading for a big year.

Online extortionists are on track to steal almost $900 million in 2023, making it the second worst year for ransomware crime ever.

That is according to research firm Chainalysis’ latest report, which tracked crypto transactions into known illicit entities.

The report noted that the resurgence of ransomware attacks happened when most other crypto-related crimes, apart from impersonation grifts, seem to be declining.

‘A pressure cooker’

Kim Grauer, director of research at Chainalysis, told DL News that reasons for ransomware’s resurgence include a return to so-called big game hunting where larger firms with deep pockets are targeted, following a slow-down in those attacks last year.

Russia’s invasion of Ukraine diverted gangs “from financially inspired cyber intrusions” last year, she added, which could explain the lull of 2022.

NOW READ: Pro-Russian neo-Nazis’ Telegram campaigns raise $5m in crypto – but it’s ‘significantly harder’

At the same time, digital extortionists have become more aggressive, often harassing employees at targeted firms.

Join the community to get our latest stories and updates

Palo Alto Network’s incident and threat intelligence department Unit 42 has noted a similar trend, saying ransomware gangs used harassment as a tactic 20 times more often in 2022 than in 2021.

Ransomware and extortion groups are forcing their victims into a “pressure cooker,” Wendi Whitmore, senior vice-president and head of Unit 42, told Computer Weekly in March.

This year’s heist haul trails the $940 million grabbed in 2021.

In the first six months of this year, ransomware gangs won a $449 million payday.

The Chainalysis report speculated that the rise in harassment may be because more firms refuse to pay, inadvertently prompting criminals to resort to more brutal methods to ensure their payday.

Impersonation scams

Also in the report: individual transfers to impersonation scam addresses jumped by 49% in the first half of 2023, compared to the same period last year.

This suggests more fell victim to fraudsters impersonating law enforcement or other authorities to extort money from victims.

UK, US and Canadian regulators have warned that scammers use real and fake authorities’ names in their cons.

“They exploit peoples’ trust in authority figures and institutions,” Jake Moore, global cybersecurity adviser at cybersecurity firm ESET, told DL News earlier this week.

NOW READ: Crypto scammers ramp up grifts by impersonating regulators and law enforcement

These grifts come as lawmakers, regulators, and law enforcement have cracked down on crypto in general and on fraud in particular, which creates new opportunities for criminals.

Still, illicit inflows from impersonation scams have dropped 23% this year, compared to a decline of 77% for scams as a whole.

Some good news

The good news: overall scams have only netted $1 billion this year, down by nearly $3.3 billion from about $4.3 billion.

The total number of crypto flowing into illicit entities’ coffers fell 65%, representing a $5.2 billion decline, compared to the same period last year.

The report noted that the drop can be attributed to “the sudden disappearance” of two large-scale investment scams: VidiLook and Chia Tai Tianqing Pharmaceutical Financial Management.

While researchers normally expect new cons to fill the void left from scams ending, it seems that no one has done so just yet.

‘Scamming generally correlates with market conditions’

—  Eric Jardine

Another reason behind the decline is the drop in so-called investment scams, where grifters offer victims outsized returns for investments before taking their money.

“Scamming generally correlates with market conditions,” Eric Jardine, cybercrime research lead at Chainalysis, told DL News earlier this week.

“So when Bitcoin’s price declines, scams overall, their revenue flows tend to fall.”

However, these results come with an important caveat: they only represent figures from known entities.

Graur stressed “that these metrics are a lower bound estimate” and that the total volume is bound to “grow over time as we identify new addresses associated with illicit activity.”

‘And we have to keep in mind that this figure doesn’t capture proceeds from non-crypto native crime’

—  Kim Grauer

“And we have to keep in mind that this figure doesn’t capture proceeds from non-crypto native crime,” she said, which for example includes “conventional drug trafficking involving cryptocurrency as a mode of payment.”

Do you have a tip about crypto scams or another story? Reach out to me via email or on Twitter at @ericjohanssonlj.