In 2024, payments to ransomware attackers dropped by 35%, totaling $813.55 million—a significant decrease from $1.25 billion the previous year. Only about 30% of those who entered negotiations with ransomware perpetrators actually proceeded to pay the ransom.
Blockchain intelligence firm Chainalysis reported these figures, highlighting a significant decline in an otherwise record-breaking year for ransomware. Despite this, the year recorded a staggering ransom payment of $75 million by a Fortune 50 company to the Dark Angels ransomware group.
Yearly payments to ransomware groups (Source: Chainalysis)
Additionally, the NCC Group reported that 2024 experienced the highest number of ransomware breaches ever, with 5,263 successful attacks. Chainalysis also noted increased disclosures on data leak sites, indicating that attackers are ramping up their efforts to extort money as they struggle to secure payments.
Increasing Resilience Against Ransom Demands
The decline in ransomware payments amid rising attacks in 2024 can be attributed to several crucial factors, primarily the growing resistance from victims. As awareness of the dangers associated with ransomware breaches spreads across various sectors, more organizations are investing heavily in cybersecurity.
Also, there is a growing realization that the assurances by attackers to delete stolen data are not reliable. As such, more entities are opting not to engage with the threat actors. Instead, they choose to handle the potential reputation damage and restore their systems using backups.
Another major reason for the downturn was law enforcement agencies targeting ransomware gangs more aggressively. Take, for instance, Operation Cronos, which broke up LockBit, one of the most dangerous ransomware groups at the time.
The downfall of ALPHV/BlackCat through an exit scam caused further disruption in the ransomware community, making it difficult for smaller groups to fill the gap, despite attempts by RansomHub to establish itself.
In the end, Chainalysis reports that even though some high payments were made, the median ransom amounts in 2024 were generally lower, indicating successful negotiations for reduced payments.
The Challenge of Money Laundering
For ransomware criminals who manage to receive payments, laundering the funds has become increasingly challenging. Following stringent law enforcement actions against cryptocurrency mixers and exchanges that failed to comply with KYC regulations, these criminals have been forced to find alternative methods.
Ransomware laundering methods trends (Source: Chainalysis)
According to Chainalysis, there has been a noticeable shift from using mixing services to employing cross-chain bridges as a strategy to mask their transactions and dodge tracking efforts.
Despite these challenges, centralized exchanges remained the most popular method for cashing out ransomware profits in 2024 and accounted for 39% of all transactions. Chainalysis also observed a rising trend among affiliates to store their ill-gotten gains in personal wallets, often delaying cash outs due to fears of being tracked and apprehended.
Anas Hasan
February 7, 2025
1 month ago
