The value of payments made to cyber-criminals using ransomware fell by almost a third in 2024, according to analysis by blockchain and crypto services provider Chainalysis.
It found that ransomware criminals globally made a total of around $813.6m (£652.7m) last year.
This represented a fall of more than 30% compared to the $1.25bn raked in across 2023.
That had represented a record haul for ransomware gangs, but the 2024 figure was also less than the $999m paid in 2020 and the $1.1bn recorded in 2019.
Ransomware is a category of malicious software designed to block access to a computer system and/or data until a payment – the ‘ransom’ – is made.
Many of these cyber-criminals, particularly the organised gangs, are based in Russia and former Soviet states.
There are a number of models for the attacks, but data and files will typically be encrypted to block access, with the ransomware gangs demanding payment in cryptocurrencies.
There were a number of factors behind the drop, including law enforcement crackdowns around the world and growing international cooperation on ransomware.
An increasing number of victims of ransomware were also refusing to pay, the report noted.
Crackdowns and collaboration helped prevent “ransomware apocalypse”
Jacqueline Burns Koven, head of cyber threat intelligence at Chainalysis, said that these efforts had helped prevent a potential “ransomware apocalypse”.
She said that the sharp decline in payments demonstrated the effectiveness of “law enforcement actions, improved international collaboration, and a growing refusal by victims to cave into attackers’ demands”.
She warned, however, that ransomware attackers remained “prolific”, while the report detailed how many were altering their tactics to adapt to changing responses.
New strains of ransomware code, for example, were being adapted from “rebranded, leaked or purchased code”.
Ransomware demands were also being speeded up, with negotiations often starting within hours of the data being targeted.
Coveware senior director of incident response Lizzie Cookson, who shared insight with Chainalysis for the report, said that the takedown of ransomware gangs LockBit and ALPHV/BlackCat had made a major impact on the “ransomware ecosystem”.
She said that “lone actors” had emerged but that other major groups had not appeared to take their places.
Some other factors linked to the fall in payment amounts could include improved knowledge and resilience, with organisations able to restore more data from backups.
Today’s news was brought to you by TD SYNNEX – the UK’s number one solutions distributor.
