Record $1.1 billion paid in ransoms in 2023

2023 marked a major comeback for cyber gangs deploying ransomware, who received a record-breaking sum of at least $1.1 billion in ransom payments. The billion-dollar mark was surpassed for the first time, according to blockchain analysis firm Chainalysis.

For comparison, 2022 saw a decline in payments, with only $567 million transferred to bad actors. The drop in 2022 is attributed to geopolitical events, such as the Russian war in Ukraine, which shifted some cyber actors' focus from financial gains to politically motivated cyberattacks, espionage, and destruction.

Intensified operations in 2023 targeted high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks – a significant reversal from the decline observed in 2022,” the report said. “Keep in mind that this number does not capture the economic impact of productivity loss and repair costs associated with attacks.”


According to a volunteer group of analysts and experts, the true cost of cybercrime may reach $12 trillion by 2025.

Chainalysis notes that ransomware attacks are carried out by both large syndicates and smaller groups and individuals, and numerous new players have joined the illicit market. Recorded Future reported 538 new ransomware variants in 2023, pointing to the rise of new, independent groups.

“Overall, big game hunting has become the dominant strategy over the last few years, with a bigger and bigger share of all ransomware payment volume being made up of payments of $1 million or more,” Chainalysis said.

According to the firm’s data, the share of ransoms of $1 million and above stood at almost 80% by the year-end.

One of the most notorious attacks of 2023 was Cl0p’s exploitation of the MOVEit zero-day vulnerability. The campaign allowed Cl0p to become, for a time, the most prominent strain in the entire ecosystem, amassing over $100 million in ransom payments and accounting for 44.8% of all ransomware value received in June and 39.0% in July.

“2023 was remarkable for the number of high-impact ransomware incidents that utilized zero-day vulnerabilities, which are particularly beneficial for threat actors because they leverage security gaps before developers have the opportunity to create and distribute a fix.”

The researchers observed that criminals use centralized exchanges and mixers as their preferred method for laundering ransomware payments, and it takes weeks, months, or even years to launder all the proceeds.