Ransomware revenue down 40% in 2022, what does that mean?

by v

According to Chainalysis, ransomware revenues fell sharply between 2021 and 2022, from $766 million to $457 million. While these figures are encouraging, there are a few subtleties to consider when making a meaningful reading of these statistics.

Ransomware revenues fell in 2022

In its latest study on ransomware, on-chain analysis firm Chainalysis shows that ransomware revenues fell in 2022. Indeed, as the graph below shows, this figure has dropped from $766 million to $457 million, a drop of just over 40%:

Figure 1 – Ransomware revenue from 2017 to 2022 according to Chainalysis


However, Chainalysis urges caution in interpreting the data: not all of the attackers' crypto addresses have been identified yet, which leaves a margin of error in the figures. As a point of comparison, attacks in 2021 are now quantified at $766 million, whereas the company had announced $602 million in its initial report.

However, although this drop in revenue is real, it does not mean that attacks have fallen, but rather that they are less profitable than before. In fact, the number of ransomware strains is estimated to have increased considerably in 2022, to over 10,000.

This metric may also show growing competition in this fraudulent industry, but Chainalysis believes it is actually more likely that the same criminal organisation may be using multiple strains of malware.

The fight against ransomware is intensifying

While ransomware is still a reality that cannot be denied, the fight against it seems to be making progress. As we have just seen, hackers are multiplying the strains of ransomware they use in order to maximise their profits, and this is reflected in the average length of time a strain remains in use, which has fallen sharply over the last 10 years, from 3,907 days to 70:

Figure 2 – Average number of days a ransomware strain has been in use


Furthermore, companies are now more aware of cyber attacks than they were 10 years ago, and while there is still room for improvement, insurance companies are increasingly encouraging companies to take steps to insure against this risk.

By extension, this greater difficulty in being reimbursed by insurance would make companies think twice about paying ransoms. In four years, ransom payments have fallen from 76% to 41% according to data reported by Coveware to Chainalysis:

Figure 3 – Ransom payments in the event of attacks


Another factor that may explain this decline is a recommendation issued in late 2021 by the Office of Foreign Assets Control (OFAC). The recommendation discouraged the payment of ransoms, arguing that paying could be contrary to sanctions against certain actors and so create a risk of legal action, which contributed to the drop in payments.
