- Ransomware made a significant comeback in 2023, with payments exceeding $1 billion, marking an increase in the scope and complexity of attacks.
- This is a notable shift from the decline observed in 2022, which was considered an anomaly rather than a trend.
- The Chainalysis report indicates a growing problem over the years, despite a temporary decrease in ransomware payments in 2022.
- The 2023 escalation saw an increase in the frequency, scale, and volume of ransomware attacks, involving diverse actors, from large syndicates to smaller groups and individuals.
- Initial Access Brokers (IABs) played a role in facilitating ransomware attacks by providing access to networks, which they sold to attackers for a relatively low cost.
- Monitoring IABs could offer early indicators for potential intervention and mitigation of attacks.
- Chainalysis discovered a correlation between funds flowing into IAB wallets and an increase in ransomware payments.
- Centralized exchanges and mixers have consistently been preferred for laundering ransomware payments, but new services like bridges, instant exchangers, and gambling services gained traction in 2023.
- Shifts in laundering methods are attributed to takedowns disrupting traditional methods, stricter Anti-Money Laundering/Know Your Customer (AML/KYC) policies, and unique preferences of new ransomware actors.
- Chainalysis observed significant concentration in specific services within each category that ransomware actors use for laundering, with exchanges showing the least concentration and gambling services, cross-chain bridges, and sanctioned entities exhibiting the highest levels of concentration.
#SecurityInitiatives #ChainalysisReactor #RansomwareAttackUpdate
