Article 6842H Ransomware victims are refusing to pay, tanking attackers’ profits

Ransomware victims are refusing to pay, tanking attackers’ profits

by
Kevin Purdy
from Ars Technica - All content on (#6842H)
GettyImages-1409300273-800x533.jpg

Enlarge / Holding up corporations, utilities, and hospitals for malware-encrypted data used to be quite profitable. But it's a tough gig lately, you know? (credit: ifanfoto/Getty Images)

Two new studies suggest that ransomware isn't the lucrative, enterprise-scale gotcha it used to be. Profits to attackers' wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports.

Chainalysis, a blockchain analysis firm that has worked with a number of law enforcement and government agencies, suggests in a blog post that based on payments to cryptocurrency addresses it has identified as connected to ransomware attacks, payments to attackers fell from $766 million in 2021 to $457 million last year. The firm notes that its wallet data does not provide a comprehensive study of ransomware; it had to revise its 2021 total upward from $602 for this report. But Chainalysis' data does suggest payments-if not attacks-are down since their pandemic peak.

chainalysis1-640x458.png

Chainalysis' data from ransomware wallets suggests a marked decrease in payments to attackers last year-though the number of attacks may not have declined so markedly. (credit: Chainalysis)

Chainalysis' post also shows attackers switching between malware strains more quickly, and more known attackers are keeping their funds in mainstream cryptocurrency exchanges instead of the illicit and funds-mixing destinations that were more popular in ransomware boom times. This might look like a sign of a mature market with a higher cost of entry. But there's more to it than typical economics, Chainalysis suggests.

Read 5 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments