Is the Underground Ransomware Economy Headed for a Recession?


Ransomware RecessionThere are many key indicators pointing to an economic recession, whether it’s the World Bank cutting its outlook on 2023 global growth to 1.7% or the onslaught of layoffs. Regardless of the indicators, it sure feels like we’re in one.

All this talk of recession made me wonder if the underground ransomware economy has been equally affected. Surely hackers must feel the pain of recession, right? So off I went looking for ransomware economy recession indicators, and, lo and behold, I found some pretty interesting data points. But will it be enough to support my assertion?

Economic Downturn

The first indicator I found comes from Chainalysis, the developer of a cryptocurrency investigation platform. Chainalysis reported that known ransom payments dipped by over 40%, or US$308.6 million, in 2022. There could be several reasons for this drop, ranging from victims and cyber liability insurance providers refusing to pay ransoms to the wider availability of ransomware decryption keys and better data backups. The result is a negative economic impact on ransomware operators. Is this indicator enough? Maybe not, so I searched for more.

Hacker Layoffs

Red Sense Intelligence Operations learned from a disgruntled hacker that the Conti ransomware group laid off 45 call center personnel last year after the call center lost money. The job of these call center workers was to trick unsuspecting people into downloading their ransomware strain. I couldn’t find other examples of hacker layoffs, so it is not looking good for this indicator.

Assertion Confirmed?

So let’s see how things are adding up. So far, we have a downturn in revenue and layoffs, check and check. But is this just a blip? It seems counterintuitive that cybercrime would decrease in a recession; if anything, it should increase. During our last recession from 2008 to 2009, the FBI reported cybercrime increased by 22.3%. As much as I would like to think that hackers are just like the rest of us and feel the impact of a recession, they don’t.

Final Word

Ransomware operators face headwinds in their underground economy through stepped-up law enforcement actions, ransom payment recovery, fewer companies with cyber insurance policies to pay rich ransoms, and victims that refuse to pay and try decrypting their files themselves.

But they also have lots to celebrate. Companies are laying off security personnel, so fewer eyes are on the ball. In addition, shrinking cybersecurity budgets are leading to reliance on older cybersecurity solutions to detect their attacks and artificial intelligence advances such as ChatGPT that are writing malicious code better and faster. So, in the end, my assertion doesn’t hold up, but I had fun thinking about it.

If you want to check if your company is doing the right things to prepare for a ransomware attack, check out my colleague John Keddy’s latest report, Ransomware: Harden the Humans, Not Just the Infrastructure.