On Jan. 19, Chainalysis released a report showing that 2022 was an impactful year for fighting cybercrime. Revenue from ransomware attacks fell to $456.8 million from $765.6 million in 2021.
Experts from Chainalysis attribute this considerable drop of 40% to more ransomware victims refusing to pay the criminal groups when threatened.
The report only covered addresses known to belong to ransomware groups. Therefore, the amount could be even higher, as many other addresses are yet to be identified. For instance, in 2021, Chainalysis had only identified $602 in ransomware payments. They kept discovering new addresses, and the amount shot to $765.6.
Unfortunately, the reduced amount does not translate to a reduction in the attacks. Chainalysis data shows that the number of unique ransomware operations tremendously increased in 2022. Research by Fortinet also indicates that there were over 10,000 new active strains in the first months of 2022.
Another trend being observed is the ransomware lifespan, which keeps getting shorter. The average lifespan of a ransomware strain was 153 days in 2021. In 2022, it fell to 70 days. Chainalysis experts explain that this behavior could be connected to the gangs trying to conceal their activities as soon as possible.
Ransomware funds were sent to mainstream exchanges
There was also an increase in the share of ransomware funds going to mainstream exchanges, from 39.3% the previous year to 48.3% in 2022. The share going to high-risk exchanges fell from 10.9% to 6.7% in 2022.
Previously, more of the money would be sent to places such as darknet markets for money laundering. However, in 2022 the use of funds for illegal services was reduced. Mixer usage rose from 11.6% to 15.0%.
The same groups carry out several attacks
The constant rise of new ransomware strains would suggest a continuous increase in new entrants to this crime. This could be far from the truth. Even though there are several active strains throughout the year, the number of individuals behind this crime is small.
Chainalysis explains that most ransomware attacks use the ransomware-as-a-service business model. Under this model, the creators allow affiliates to use the administrators' malware in their attacks in exchange for a percentage of the money.
However, the experts observed that numerous affiliates carry out attacks for several strains. So even though multiple strains are active throughout the year, the same affiliates likely carry out the attacks.