Cyber-crime gangs' earnings slide as victims refuse to pay – BBC

wp header logo 156.png

Cyber-crime gangs have had a 40% drop in earnings as victims are refusing to pay ransoms, researchers say.
Cryptocurrency experts at Chainalysis say ransomware groups extorted at least $457m (£370m) from victims in 2022 – $311m less than the year before.
The true figures are likely to be higher, but experts agree that fewer victims are paying.
However, while there has been a drop in criminal revenue, the number of attacks is rising.
Companies, governments, schools and even hospitals around the world are regularly falling victim to ransomware hackers, who lock staff out of their IT systems until a ransom is paid, usually in Bitcoin.
The hackers often threaten to publish or sell stolen data too.
Recent high-profile victims include The Guardian newspaper, the Royal Mail delivery company and Sick Kids Canadian children's hospital.
Many ransomware crews are thought to be based in Russia, although Russian officials deny the country is a haven for the groups.
Analysts at Chainalysis track the money flowing in and out of Bitcoin wallets which are known to be owned by ransomware crews.
Researchers say the criminal proceeds will be much higher than those they can see, because the hackers are likely to use other wallets too.
Nonetheless, the company says, the trend is clear: ransomware payments are significantly down.
Bill Siegel, of Coveware, which specialises in negotiating with hackers, agrees.
His clients are becoming increasingly reluctant to give in to hackers, who can demand millions of dollars.
In 2022, 41% of his clients paid ransoms compared with 70% in 2020, he says.
No governments have made it illegal to pay hacker ransoms, but Mr Siegel and other cyber-experts think that US sanctions against hacker groups, or those with links to Russia's Federal Security Service, have made paying some groups legally risky.
"We refuse to pay ransoms if there's even a hint of connection to a sanctioned entity," Mr Seigel said.
Other factors may also be at play, including an increase in ransomware awareness leading to improved cyber-security at organisations.
"Hackers are definitely finding it harder to get paid for ransomware attacks," said Brett Callow, threat researcher at cyber-security company Emsisoft.
Companies have become better at protecting their back-ups, reducing their need to pay hackers for recovery, he added.
"Additionally, as ransomware attacks have become so common, they are less of a PR disaster for companies, making them less likely to pay to keep incidents quiet and out of the news."
Despite the drop in revenue, the number of unique ransomware strains being used in attacks reportedly increased dramatically in 2022.
Research from cyber-security firm Fortinet found that more than 10,000 unique types of the malicious software were active in the first half of 2022.
The growth in the number of attacks last year could be connected with enforcement actions, mainly by the US authorities, which caused some of the largest ransomware groups to disband.
In November 2021, alleged members of the REvil gang were arrested around the world in a global police operation, with more than $6m in cryptocurrency retrieved by US authorities in a so-called "claw back" hacking operation.
It followed a similar operation by the US in June 2021 that took the Darkside gang offline and recovered $4.1m in stolen funds.
It is thought that these actions may have forced criminals to work in smaller groups and also knocked the confidence of gangs.
This video can not be played
Watch: What is ransomware and how does it work?
Criminals now seem to be carrying out a greater number of smaller attacks instead of going after large Western targets – so-called "big-game hunting" – where large payments are more likely.
"While big-game hunting may have gotten more challenging, it is still rewarding," said Jackie Burns Koven, head of cyber-threat intelligence at Chainalysis.
She warns ransomware is still extremely profitable and smaller-sized organisations should be even more vigilant as hackers spread their net wider in an effort to be paid.
Evil Corp: Searching for the world's most wanted hackers
Jacinda Ardern says no regrets over decision to quit
Germany under pressure as Zelensky urges allies for more tanks
Romania court extends Andrew Tate police detention
Romanian teens explain how Andrew Tate approached them
The secrets of a perfect break-up song
Should China worry about its shrinking population?
Weekly quiz: What got cut from Apple boss's pay packet?
US debt ceiling nightmare is crisis of its own making
Why anti-abortion activists still march on Washington. Video
The race to make diesel engines run on hydrogen
Why Shah Rukh Khan's comeback film is a big deal
Africa's top shots: Celebrating 2973 and baptising Jesus
The simple error that 16% of us make
Gen Z's latest surprising obsession
A return to old-school Canadian glamour
© 2023 BBC. The BBC is not responsible for the content of external sites. Read about our approach to external linking.


Leave a Reply

Your email address will not be published. Required fields are marked *