‘Big Game’ Hackers Help Gangs Break $1BN Ransomware Payment Barrier

Ransomware payments surpassed the $1bn mark in 2023, an unprecedented high driven by ‘big game hunting’ strategies. Some gangs like Cl0p (sometimes spelled CI0P) are carrying out fewer attacks but collecting larger payments when they do, according to a Chainalysis study.

Cl0p ransomware is associated with the greater TA505 threat group and emerged in 2019. One of its most high-profile operations was the attack on the data transfer platform MOVEit, now part of Progress Software. Cl0p, said to be a Russian ransomware gang, injected instructions into the MOVEit code that allowed the gang to steal data from transfers made using MOVEit and amass more than $100m in ransom payments. The MOVEit attack affected companies including the BBC and British Airways.

“Cl0p leveraged zero-day vulnerabilities that allowed it to extort many large, deep-pocketed victims en masse, spurring the strain’s operators to embrace a strategy of data exfiltration rather than encryption,” Chainalysis found. “Overall, big game hunting has become the dominant strategy over the last few years, with a bigger and bigger share of all ransomware payment volume being made up of payments of $1m or more.”

The FBI infiltrated the Hive ransomware variant in 2022, which prevented more than $130m in ransom payments, but 2023 saw the frequency and volume of attacks escalate. More than 500 new ransomware variants were reported during the year and attacks were reported on critical infrastructure including hospitals, schools and government agencies.

By SPYSCAPE
