Ransomware Payments Broke $1 Billion Record in 2023


February 7, 2024

World map

A new report indicates that payments to ransomware operators in 2023 exceeded $1 billion, breaking all previous estimations.  

“Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over $100 million,” Chainalysis reports.

“It is important to recognize that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time. For instance, our initial reporting for 2022 in last year’s crime report showed $457 million in ransoms, but this figure has since been revised upward by 24.1%.”

Takeaway: It’s not surprising that ransom payments have crossed the billion-dollar threshold. Ransomware operators run well organized, top-down organizations akin to a legitimate SaaS company.

Ransomware remains one of the most significant threats to organizations of all sizes in all industry verticals.  

Following a bit of a lull the previous year, the first half of 2023 saw more victims impacted by ransomware attacks than in all of 2022 as threat actors continue to leverage Ransomware-as-a-Service (RaaS) platforms to execute their attacks.

The vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times.

Other analysis indicates the volume of attacks surged in 2023 by 55.5% year-over-year with 4,368 cases documented cases. Successful attacks in the U.S. increased by 60% for the healthcare sector, 82% for K-12 schools, and 48% for higher education.

Surprisingly, this do not include the massive number of victims hit with ransomware by way of a vulnerability exploit in the MOVEit managed file transfer software (CVE-2023-34362) the Cl0p ransomware gang leveraged to compromise more than 1000 victims in rapid succession.

A recent study revealed that ransomware attacks against the healthcare sector have bled the US economy of tens of billions of dollars in over the past seven years, with 539 attacks reported impacting nearly 10,000 healthcare facilities and over 52 million patient records compromised.

Hard numbers on the extent of the ransom crisis are hard to come by, and the problem may be even bigger than we think following a report that revealed over half (61%) of executives say their organizations do not report ransomware attacks.

This lines up with what the FBI reported after spending seven months observing the Hive ransomware gang by infiltrating their operations. The FBI came to the shocking conclusion that only 20% of attacks were being reported to law enforcement.

There is no threat as pervasive as what we see with the explosion in ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations, and the potential for an attack to have widespread and very serious repercussions is immanent.

We have reached the point where ransomware attacks targeting healthcare and other critical infrastructure providers should be classified as state-supported terrorism, and the U.S. government should be responding to them accordingly.

While the huge losses from ransomware attacks reported are staggering, it’s the increasing threat to human life that should be of greatest concern.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.