As Ransomware Rages We All Bear the Costs


July 13, 2023

World map

New research from blockchain research firm Chainalysis reveals that ransomware operators are approaching near-record profits in the first half of 2023, having extorted nearly a half-billion dollars from victim organizations.

The researchers note that this estimate is likely much lower than actual, as the estimates were only based on cryptocurrency wallets being monitored.

This follows reports that the month of March will go down in the record books as the most prolific period to date for ransomware operators, with 459 successful attacks, up 91% from February volume and up 62% year-over-year.

This figure is also assumed to be low compared to actual, with the FBI recently estimating that only 20% of ransomware attacks are reported to authorities.

But it is not just the number of attacks and total dollars extorted that put an exclamation point on the first half of 2023; Chainalysis measured increases both in the number of payments under $1,000 as well as the number of payments over $100,000 – essentially, everyone is now a target of ransomware attacks.

“The payment size distribution has also extended to include higher amounts compared to previous years. In other words, we’re seeing growth in ransomware payments at both ends of the spectrum,” the researchers told Recorded Future.

“Groups like Cl0p, ALPHV/BlackCat and Black Basta saw average payments hovering above $750,000 and into the millions. Cl0p led the way with an average payment size of $1.73 million and a median payment size of $1.94 million.”

Takeaway: Hard data is hard to come by with regard to accurately assessing the impact of ransomware attacks; private organizations are not required to report attacks, nor are individuals.

As mentioned above, after the FBI spent 7 months lurking in the attack infrastructure of the Hive gang, they assessed that only one-in-five attacks are reported to law enforcement. If we do some simple extrapolation, the figure above jumps to about $2.5 billion dollars extorted in the first half of the year.

That would put the Ransomware Economy on pace to post $5 billion in extorted funds for the year. And it is growing.  

What are some other “industries” that average about $5 billion a year? How about the cybersecurity products and services sector for a start, then there is also telemedicine and other on-demand services, as well as the booming green energy sector, and more.

Ransomware is big, big, big business. These costs are passed on to consumers, to other businesses, to state and local governments, and so on. The financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy.

The only way we can counter its growth as a major industry vertical is to disincentivize the attackers. The only way to disincentivize them is to make ransomware attacks unprofitable, and we are a long, long way from accomplishing that.  

In the meantime, we can work to raise the bar for the attackers.  

Don’t want your organization to fall prey to cyber extortion? Then don’t be the low hanging fruit. Currently the Cl0p gang is compromising hundreds of targets weekly leveraging patchable vulnerabilities in common software products.

And even more organizations are being victimized through the same mechanisms - and even more data is being exfiltrated as you read this article. Yet, almost every one of these attacks was preventable – or at least could have been made much more difficult to achieve.

While we cannot prevent ransomware attacks, we can prevent them from being successful. We can prevent extensive network intrusions. We can prevent data exfiltration. We can prevent widespread encryption of critical systems. We can prevent the need to pay a ransom demand.

Resilience is key here. But building resilience for an organization is not an easy task, and it requires significant investments in the security trinity: people, processes, and technology.

We can collectively choose to invest in resilience and realize returns measured in network uptime and productivity, or we can choose to continue investing in the multi-billion-dollar industry that is the Ransomware Economy, for which we will enjoy zero returns on our investments.

It’s a choice we are all facing today, whether we know it or not. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.