Latest Ransomware Trends and Major Crypto Seizures in 2023

Edward Zhou

CEO & Founder

 
July 19, 2025

Ransomware Attacks and Blockchain Investigations

In 2023, the Caesars Entertainment ransomware attack by the Scattered Spider group, which used social engineering to infiltrate the company's systems, involved a $15 million ransom demand. The attackers accessed sensitive customer data and initially demanded $30 million but settled for $15 million in cryptocurrency. Chainalysis tools helped the FBI trace and freeze millions of dollars in ransom payments across various blockchains, showing how blockchain transparency can be leveraged in investigations.

A recent report indicates that ransomware has seen a shift, with authorities noting a decrease of 35% in total ransomware payments from $1.25 billion in 2023 to approximately $813.6 million in 2024. This reflects increased resistance from victims and improved preparedness. For more insights on ransomware dynamics, refer to Chainalysis on ransomware disruptions and the evolving ransomware landscape.

Legal Actions Against Extremism

Aram Brunson from Newton, MA, faces charges related to concealing bomb-making activities after an explosion in his dorm at the University of Chicago. The defendant allegedly sought to inspire militant actions against Azerbaijani individuals. Law enforcement discovered that he had been constructing explosive devices and had made videos instructing others on bomb-making techniques. These activities led to his arrest as he attempted to travel to Armenia. The charges carry severe penalties, and the case is indicative of the serious approach federal agencies take toward preventing political violence.

For more information on this case, visit the Department of Justice.

US Marshals Service Bitcoin Holdings

A recent FOIA request revealed that the US Marshals Service (USMS) holds approximately 28,988 BTC, valued at over $3.4 billion. This information comes from a detailed report that indicates the agency has not sold these assets in recent public auctions. The total amount of Bitcoin held is significant for understanding the government's cryptocurrency reserves.

In the context of asset recovery, it's important to note that the USMS has historically liquidated seized digital assets, particularly from criminal investigations. For more details, check out the report on the BTC held by the US Marshals Service.

Law Enforcement Efforts Against Drug Trafficking

US law enforcement has intensified operations against drug trafficking organizations, leading to significant seizures, including an estimated $10 million in cryptocurrency from the Sinaloa Cartel. This reflects ongoing efforts to combat organized crime and drug trafficking through advanced investigative techniques. To stay updated on law enforcement actions, refer to sources like Bitcoinist.

Gopher Security's Offerings

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture, which is crucial in today's evolving threat landscape. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers. We provide services such as AI-Powered Zero Trust Platform, Universal Lockdown Controls, Micro-Segmentation for Secure Environments, and more.

Explore how Gopher Security can enhance your organization's cybersecurity by visiting Gopher Security.

Edward Zhou

CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
