Ransomware payment decreases by 35% in the year 2024
In a significant development, the cryptocurrency ransomware payments have witnessed a striking 35% decline from 2023 to 2024, falling from $1.25 billion to nearly $814 million. This decrease can be attributed to several key factors, including improved victim resilience, enhanced cybersecurity measures, increased law enforcement actions, stronger regulatory guidance, and ethical issues in ransomware negotiation.
Firstly, more organizations have demonstrated greater resistance to ransom demands. In late 2024, only about 25-32% of companies that faced extortion demands paid the ransom, compared to 85% in early 2019. This decline suggests that companies have strengthened their cybersecurity, backup, and recovery strategies, reducing their dependence on paying criminals to regain access to their data.
Secondly, better implementation of cybersecurity defenses and more robust recovery plans have empowered victims to withstand ransomware attacks without succumbing to payment demands. This includes effective backup systems making ransom payment less necessary.
Thirdly, law enforcement agencies have intensified their efforts to disrupt ransomware operations. The U.S. Treasury’s sanctioning of Russia-based ransomware groups like the Aeza Group and their leadership, as well as investigations into firms negotiating ransomware settlements, reflect significant government crackdowns on these criminal enterprises. These actions disrupt the infrastructure supporting ransomware schemes and reduce incentives to pay ransoms.
Fourthly, regulatory bodies have issued clearer guidance discouraging ransom payments, making it less attractive or even risky for organizations to pay. This regulatory pressure supports the trend of declining ransom payments and encourages organizations to invest in preventive measures.
Lastly, investigations have revealed that some ransomware negotiation firms may have conflicts of interest, potentially encouraging higher ransom payments for profit. Greater scrutiny of these negotiators may lead to better practices that reduce the overall payments made to ransomware actors.
Chainalysis, a leading blockchain analysis firm, has highlighted these law enforcement actions and government sanctions against cryptocurrency laundering services like Tornado Cash and Chipmixer. They found that these crackdowns and collaborations with incident response firms and blockchain experts have disrupted many ransomware groups, reducing their profitability.
However, the decline in ransomware payments occurred despite an increase in "ransomware events" in the second half of 2024. This indicates that while the number of attacks may be rising, the success rate of these attacks is decreasing.
The decline in ransomware payments was particularly evident in the case of the prolific LockBit ransomware gang, whose H2 payments decreased by approximately 79% following disruption by the United Kingdom’s National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI) in early 2024. Several alleged members of the LockBit ransomware gang were arrested, and the alleged ringleader, Russian national Dimitry Yuryevich Khoroshev, was indicted.
Despite these significant disruptions, ransomware operators continue to adapt and change tactics in response to law enforcement actions. Some operators are storing payments in personal wallets or using cross-chain bridges to "off-ramp" payments to other types of cryptocurrency.
Chainalysis warns that threat actors continue to pose a significant threat, and they observed some "exceptionally large" ransomware payments, such as the record-setting $75 million payment to Dark Angels last year. It is crucial for both individuals and organizations to remain vigilant and continue to strengthen their cybersecurity defenses.
In conclusion, while the decline in ransomware payments is a positive development, it does not mean the end of ransomware attacks. It is essential to maintain a proactive approach to cybersecurity and to collaborate with law enforcement and regulatory bodies to continue disrupting these criminal enterprises.
- The decline in ransomware payments can be linked to the improved incident response and cybersecurity measures implemented by many organizations, resulting in less dependency on paying ransom demands.
- Law enforcement agencies have been actively disrupting ransomware operations, notably through sanctions against Russia-based groups, investigations into ransom negotiation firms, and collaborations with blockchain experts, thus reducing the infrastructure that supports ransomware schemes.
- Regulatory bodies have issued clearer guidance against ransom payments, making it less attractive for organizations to pay, and encouraging them to invest in preventive cybersecurity measures instead.
