Ransomware revenues reduce by 40% as victims refuse to pay in 2022

Ransomware revenues reduce by 40% as victims refuse to pay in 2022

On Jan. 19, Chainalysis released a report showing that 2022 was an impactful year for fighting cybercrime. Revenue from ransom attacks reduced to $456.8 million from 765.6 million in 2021. 

Experts from Chainalysis attribute this considerable drop of 40% to the fact that more ransomware attack victims refuse to pay the criminal groups when threatened. 

The report only covered addresses known to be for ransomware criminal groups. Therefore, the amount could be even higher, as many other addresses are yet to be identified. For instance, in 2021, Chainalysis had only identified $602 in ransomware payments. They kept rediscovering new addresses, and the amount shot to $765.6. 

Unfortunately, the reduced amount does not translate to a reduction in the attacks. Chainalysis data shows that the number of unique ransomware operations tremendously increased in 2022. Research by Fortinet also indicates that there were over 10,000 new active strains in the first months of 2022. 

Another trend being observed is the ransomware lifespan, which keeps getting shorter. The average lifespan of ransomware was at 153 days in 2021. However, this will be reduced to 70 days in 2022. Chainalysis experts explain that the behavior could be connected to the gangs trying to conceal their activities as soon as possible. 

Ransomware funds were sent to mainstream exchanges 

There was also an increase in ransomware funds going to mainstream exchanges, from 39.3% the previous year to 48.3% in 2022. The amount going to high-risk exchanges reduced from 10.9% to 6.7% in 2022. 

Previously, the money would be sent more to places such as Darknet markets for money laundering activities. However, in 2022 the use of funds for illegal services was reduced. Mixer usage rose from 11.6% to 15.0%.

The same groups carry out several attacks

The constant rising of new random strains would suggest the continuous increase of new entrants in crime. This could be far from the truth. Even though there are several active strains throughout the year, the number of individuals behind this crime is minor. 

Chainalysis explains that most ransomware attacks use the ransom as a service business model. The model stipulates that the creators allow other affiliates to use the administrator malware in their attacks in exchange for a percentage amount of money. 

However, the experts observed that numerous affiliates carry out attacks for several strains. So even though multiple strains are active throughout the year, the same affiliates likely carry out the attacks. 

Follow Us on Google News

Read more about

Julius Mutunkei

Julius is a blockchain reporter skilled at synthesizing all crypto-related information to make articulate texts easy for anyone to grasp. With a beginner's level certificate in Financial Analysis, Julius can read, interpret and report crypto findings to help investors exercise the best judgment in their decision-making process. When he is not caught up in the crypto frenzy, Julius likes playing a game of FIFA with his online buddies.