Ransomware Payments Reached $1.1 Billion in 2023 

Ransomware payments reached a record level of a billion in 2023, nearly double the payments in the previous year 2022 by geopolitical events.

Ransomware payments reached a record level of $1.1 billion in 2023, nearly double the payments in the previous year 2022 by geopolitical events. This has amounted to $567 million, according to a new report from Chainalysis, a company specializing in tracking cryptocurrencies. 

Of course, these payments were made in cryptocurrencies, and Chainalysis was able to track the wallets of these currencies linked to cybercriminal groups receiving ransom payments from their victims.

The report also pointed out that these figures represent only the direct payments to hacking groups and do not reflect the accompanying damages from attacks that affect prestigious institutions and some critical infrastructure such as hospitals, schools, and government bodies. 

Notable Development 

In 2022, ransom payments decreased significantly compared to the previous two years, a decline due to several potential factors, including global geopolitical events like the outbreak of the Russian-Ukrainian war, which disrupted the operations of some hacking groups and also shifted their focus from financial gains to cyberattacks with political motives for espionage and destruction on behalf of the conflict parties. 

However, in 2023, the remarkable thing was the evolution of ransomware attacks in terms of complexity and scope. Cybersecurity company Record Future recorded about 538 new types of ransomware viruses during 2023, indicating the emergence of new and independent hacking groups developing their own malicious software. 

Largest Cyber Breach 

One of the main reasons for this increase in 2023 was the year’s largest cyber breach, due to an unexpected “zero-day” security vulnerability in the “MOVEit” file transfer software, developed by Progress Software Corporation, used by thousands of government agencies, financial institutions, and private companies for sending and receiving data and information, often sensitive and in need of a secure transfer method, which the platform indeed provided. 

However, this security vulnerability resulted in the theft of data from more than 2,600 companies and major government institutions in over 30 countries worldwide, after it was exploited by the Russian hacking group known as “CLOP” to seize that data and demand ransom in return. 

Progress Software Corporation issued a warning and a patch for the security vulnerability, assigning it a severity rating of 9.8 out of 10, as it allowed hackers to access the databases of “MOVEit” clients and steal that data. 

The list of victims included federal and government institutions in the United States, most notably the Department of Energy and Johns Hopkins University, alongside institutions and companies in the United Kingdom, including British Airways and one of the country’s largest newspapers “BBC”, as well as the European oil and gas giant “Shell” among others. 

The group has been using the “CLOP” type of ransomware attack in cyberattacks since 2019, publishing victims’ data on its “dark web” site, with the primary goal often being to encrypt data and then demand ransom from the affected company or institution. 

While the group previously targeted geopolitical events victims with ransomware that encrypts files and then contacts the victim demanding payment in “Bitcoin” for the decryption code, the group has increasingly shifted to a strategy of hacking and data theft only, relying on the threat of publishing the stolen sensitive data as a means to extort the victims. 

This is due to the ability to exploit “zero-day” vulnerabilities, enabling the hacker to extract and steal as much data as possible for the largest number of institutions and companies using the affected platform in record time, before the company can correct and close the security vulnerability exploited by the hacker. 

Zero-Day Vulnerability 

When there is an error in the code of a system that can be exploited by a hacker, it is called a “zero-day” vulnerability. If the system developer is not aware of this programming error in advance, they will not have enough time to fix the vulnerability and stop this threat, meaning they have “zero days” ahead, hence the name. 

In most cases, this error exists in the programming code from the beginning, but the developer, cybersecurity team, and users were not aware of it. It can remain undiscovered for a period ranging from days to months and perhaps years until someone finds it. 

Here, the hacker can search for and find this error in the programming code and the problem resulting from it, then exploit it for their benefit by developing malware or viruses that are difficult to detect, and then launch a sudden attack. 

This type of attack poses a serious threat to the company or institution and its data. When the infected system is activated, the malicious software planted by the hacker can infect the application, operating system, or memory, jeopardizing the data and functions of a device, or perhaps endangering the entire network of devices. 


Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.