Skip to main content

Security Bite: Ransomware payments hit record $1.1 billion in 2023 despite previous year’s decline

It was a landmark year for ransomware in 2023 and a well-publicized one following the MOVEit and MGM Resorts beaches that shook the security industry. Not only did threat actors collectively pocket a record-breaking $1.1 billion from victims, but a new report highlights how the scope and complexity of these attacks are becoming increasingly concerning.


9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


After a slow 2022, ransom payments almost doubled last year, hitting $1.1 billion compared to 2022’s $567 million. Ransomware actors have “intensified their operations” directed at large institutions, hospitals, schools, and government agencies, according to a report by Chainalysis, a leading blockchain analysis firm.

According to a cybersecurity firm Emsisoft, 46 hospital systems in the United States were directly affected by ransomware in 2023, experiencing disruption due to the lack of access to IT systems and patient data. This is up from 25 in 2022 and 27 in 2021. K-12 schools experienced it the worst, with 108 reported instances.

It’s worth pointing out that these numbers are “conservative estimates” and subject to change as Chainalysis uncovers new cryptocurrency wallet addresses used by cybercrime groups to receive ransom payments. The figures also don’t include the economic impact of productivity loss and repair costs. Estimates could be an order of magnitude greater.

The attack on MGM alone cost the company over $100 million in lost revenue, including $10 million in consulting cleanup fees. However, since the entertainment giant reportedly opted not to pay the ransom, it’s not included in the graph above.

The significant drop in payments in 2022 was originally seen as a glimmer of hope and believed to be the result of better security tools, laws, and practices. Security experts, don’t high-five each other just yet. As nice as that would’ve been, the impact is more geopolitical than anything.

Chainalysis attributes the decrease in activity largely to the ongoing Russian-Ukrainian conflict, which launched in 2022. “This conflict not only disrupted the operations of some cyber actors but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction.”

A lot of ransomware operators are based in Eastern Europe; both in Russia and Ukraine. Between being conscripted and escaping military warzones, threat actors’ priorities likely shifted from being full-time criminal operators.

“In 2023, the ransomware landscape saw a major escalation in the frequency, scope, and volume of attacks,” Chainalysis said.

Threat intelligence firm Recorded Future reported the emergence of 538 new ransomware variants in 2023, with a clear indication that larger crime syndicates are now focusing more on high-value organizations to demand larger ransom payments, thereby increasing their profits.

On the flip side, it’s evident that we’ll see the continued rise in ransomware-as-a-service (RaaS) as operators write software and affiliates, people with less technical knowledge, pay to launch attacks using pre-built tools and packages. “RaaS model is a force multiplier, enabling the strain to carry out a large quantity of these smaller attacks,” Chainalysis writes.

How to check your Mac for malware

Macs aren’t invincible to ransomware! To help ensure your Mac is free from malware or adware, I’d recommend using Malwarebytes, which provides a free app for individuals that can detect and remove such threats. Additionally, CleanMyMac X now includes a malware removal tool powered by MoonLock.

As you know, exercise caution when clicking any links and opening attachments. Malware can be delivered in many ways!


FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications