In the first half of 2024, cybercriminals grabbed $16.7 billion of illicit funds, marking a 20% drop from last year and the fourth consecutive decline year-over-year. Despite that, the big players are thriving.
Large crypto heists have nearly doubled to $1.58 billion, while ransomware inflows hit a record $459.8 million, according to blockchain analysis company Chainalysis.
Ransomware payments are on track to set new records this year, despite a high bar set by the MOVEit zero-day exploitation by Cl0p ransomware in 2023, high-profile law enforcement disruptions of large ransomware gangs such as ALPHV/BlackCat and LockBit, and victims refusing to pay.
In the first half of 2024, ransomware inflows increased to $459.8 million, or by approximately 2% from $449.1 million in the first half of last year. Ransoms paid set a record of over $1 billion in 2023, so there’s still a way to go.
The industry is shifting to “big game hunting” as strains carry out fewer high-profile attacks, but collect large payments. Therefore, 2024 “is set to be the highest-grossing year yet.”
“The median ransom payment to the most severe ransomware strains has spiked from just under $200,000 in early 2023 to $1.5 million in mid-June 2024, suggesting that these strains are prioritizing targeting larger businesses and critical infrastructure providers that may be more likely to pay high ransoms due to their deep pockets and systemic importance,” the Chainalysis report reads.
One illustrative example was the record-breaking single ransom payment of $75 million to the Dark Angels ransomware group.
The highest-severity strains of ransomware gangs underperformed their last year's totals by 50.8% due to the takedowns of the largest players, ALPHV/BlackCat and LockBit. However, the gangs one step below, the so-called high severity strains, more than doubled their activity.
Disruptions fragmented the ecosystem, causing affiliates to migrate to other strains or launch their own.
“Whether it be former affiliates of these well-known threat actor operations, or new upstarts, a large number of new ransomware groups have joined the fray, displaying new methods and techniques to carry out their attacks,” said Andrew Davis, general counsel at Kiva Consulting.
Data leak site statistics from eCrime.ch reveal that ransomware attacks were at least 10% more frequent this year. However, victims are paying ransoms less often. Total ransomware payment events on-chain declined by 27%.
Crypto heists trend upward
Another crime category that bucks the general declining trend is crypto theft. Chainalysis calculated that stolen funds inflows nearly doubled from $857 million to $1.58 billion. On average, a single heist resulted in almost 80% more of cryptocurrency stolen.
This can partly be explained by the rise in the price of bitcoin (BTC), which accounts for 40% of total illicit transaction volume. The number of hacking incidents was almost the same, while the price of bitcoin increased 130%.
Researchers also noted that the value of crypto stolen last year was 50% smaller than in 2022. Crypto thieves also targeted centralized exchanges more frequently.
“Advanced cybercriminals, including IT workers linked to North Korea, are increasingly leveraging off-chain methods, such as social engineering, to steal funds by infiltrating crypto-related services,” the report warns.
Almost a fifth of stolen funds can be attributed to the hack of Japanese crypto exchange DMM, resulting in $305 million lost.
Crypto theft actors share similar characteristics with ransomware operators. These groups are well organized and leverage sophisticated cybercrime infrastructure.
“The key to disrupting cybercrime is disrupting its supply chains, including attackers, affiliates, partners, infrastructure services providers, launderers, and cashout points. Because the operations for crypto heists and ransomware operate almost entirely on the blockchain, law enforcement armed with the right solutions can follow the money to better understand and disrupt these actors’ operations,” the report reads.
The aggregate illicit activity in the first half of 2024 fell by 19.6%, from $20.9B to $16.7B. Those figures are “lower bound estimates” based on inflows to illicit addresses identified by Chainalysis.
Your email address will not be published. Required fields are markedmarked