Ransomware payments are down 40.58%, according to a new report by blockchain forensics firm Chainalysis. In the report released Thursday, Chainalysis says ransomware attackers extorted at least $456.8 million in funds in 2022, compared to $765.6 million the year before.
"That doesn't mean attacks are down, or at least not as much as the drastic dropoff in payments would suggest," Chainalysis says. "Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers."
The 2022 roundup follows Chainalysis's end-of-year reporting on the biggest crypto hacks of the last year.
Cybercriminals demanding Bitcoin or other cryptocurrencies in ransomware attacks have long been a stain on the crypto industry and a cudgel that regulators use to call for stricter regulations or outright bans of digital assets. In June 2021, the Biden Administration said it was stepping up its fight against cybercriminals and making combating ransomware a priority for the administration, including an increase in tracking cryptocurrency transactions.
Ransomware is software that can lock a computer and demand a ransom for restoring access, and often includes digital extortion, where some attackers threaten to release sensitive data or pictures from the commandeered machines if the ransom isn't paid. While any computer connected to the internet could potentially be the victim of ransomware, phishing attacks are generally the primary attack vector.
According to Chainalysis, stolen funds from ransomware attacks in 2022 were laundered through centralized exchanges, gambling websites, or coin mixers.
"The share of ransomware funds going to mainstream exchanges grew from 39.3% in 2021 to 48.3% in 2022, while the share going to high-risk exchanges fell from 10.9% to 6.7%," the firm reports, adding that coin mixer usage increased from 11.6% to 15.0%.
In August 2022, the U.S. Treasury Department put the Ethereum mixing service Tornado Cash on its Specially Designated Nationals list, effectively banning the coin mixer in the United States. The agency said it took these measures because criminals had used Tornado Cash to launder money.
"As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data," Chainalysis says. "Still, the trend is clear: Ransomware payments are significantly down."
While cybercriminals have traditionally demanded Bitcoin in ransomware attacks, cybersecurity firm Kaspersky says in a separate report that privacy coins like Monero and ZCash are becoming popular amongst cybercriminals because of their underlying technology, which includes privacy features not found in Bitcoin.