Digital Event Horizon
In a surprising turn of events, ransomware payments declined significantly in 2024, despite numerous high-profile attacks and record-breaking payouts. According to Chainalysis' annual crime report, the total amount paid by victims to hackers decreased by hundreds of millions of dollars compared to the previous year.
Ransomware payments decreased overall in 2024 by 35% compared to the previous year. Payments dropped more significantly in the second half of 2024, with $321 million collected between July and December compared to $492 million in the first half. Law enforcement takedowns and disruptions likely contributed to the decline in payments. The trend of decreased ransomware activity was seen before, but has since reversed due to increased threat levels in 2023. Accurate numbers on ransomware attacks and payments are challenging due to attackers' tactics and stigma around victims coming forward. Sustained investment in cybersecurity measures is crucial for defense against growing ransomware threats.
The past year has witnessed a trail of destruction and mayhem left behind by ransomware hackers, with numerous high-profile targets falling victim to their attacks. Digital extortion gangs paralyzed hundreds of US pharmacies and clinics through their attack on Change Healthcare, exploited security vulnerabilities in the customer accounts of cloud provider Snowflake to breach a string of high-profile targets, and extracted a record $75 million from a single victim.
Despite these alarming headlines, the numbers tell a surprising story: Ransomware payments actually fell overall in 2024—and in the second half of the year dropped more precipitously than in any six-month period on record. Cryptocurrency tracing firm Chainalysis today released a portion of its annual crime report focused on tracking the ransomware industry, which found that ransomware victims’ extortion payments totaled $814 million in 2024, a drop of 35 percent compared to the record $1.25 billion that hackers extracted from ransomware victims the previous year.
Breaking down the payments over the course of 2024 shows an even more positive trend: Hackers collected just $321 million from July through December compared to $492 million the previous half year, the biggest falloff in payments between two six-month periods that Chainalysis has ever seen. According to Jackie Burns Koven, who leads cyber threat intelligence at Chainalysis, this drastic reversal of trends is likely due to law enforcement takedowns and disruptions, some of which had delayed effects that weren't immediately apparent in the first half of the year as ransomware victims and the cybersecurity industry grappled with catastrophic attacks.
"Don’t get me wrong: For everyone who’s a defender or an incident responder, it's been a year," Burns Koven says. “But it is noteworthy that for the major attacks that occurred last year, those groups don't exist anymore or have been laying low. There's been a strong signal from law enforcement that if you cross the line, there's going to be consequences."
While this decline in payments during the second half of 2024 is significant, it is not the first time ransomware has seen a decrease in activity. In 2022, researchers saw a marked decrease in activity, with Chainalysis placing total ransomware payments at $655 million compared to $1.07 billion in 2021 and nearly $1 billion in 2020. However, as governments and defenders were initially heartened by this trend, ransomware surged back as an even more dire threat in 2023, totaling by Chainalysis' count $1.25 billion in payments that year.
"I think ebbs and flows are inevitable," says Brett Callow, a managing director at FTI Consulting and longtime ransomware researcher. "If the baddies had a couple of brilliant quarters, a dip will follow, same as if the goodies had some good quarters. That's why we really need to analyze trends over a longer period, because increases and decreases over shorter periods don't really tell us much."
In addition to these ebbs and flows, researchers have long warned that it is difficult to get truly reliable numbers about the volume of ransomware attacks and an accurate total of payments each year. This is partly due to attackers attempting to inflate their records and make themselves seem more effective and menacing by claiming old data breaches as new attacks or simply making up attacks that they haven’t actually carried out. Furthermore, stigma and regulatory requirements often keep victims from coming forward, making it challenging to get accurate numbers about ransomware.
"My vibe from the second half of 2024 is that if there was a decrease, there will also be a rebound," Callow says.
Chainalysis researchers are clear that this 2024 payment decline does not necessarily mean future reductions in ransomware attacks. However, Burns Koven emphasizes that for defenders who are in the trenches on incident response, this data point is useful for making the case that sustained investment in ransomware defense is worthwhile.
“We're still standing in the rubble, right? We can't go tell everyone, everything's great, we solved ransomware—they’re continuing to go after schools, after hospitals and critical infrastructure," Burns Koven says. But she adds, "I don’t think anybody’s necessarily celebrating. I think it's a signal of what work needs to be continued."
In conclusion, the decline in ransomware payments in 2024 serves as a reminder that even in the darkest corners of cybercrime, there is always hope for change and improvement. While law enforcement takedowns and disruptions have undoubtedly played a significant role in this decrease, it also highlights the importance of sustained investment in cybersecurity measures and the need to continue adapting and evolving to combat these growing threats.
Related Information:
https://arstechnica.com/security/2025/02/ransomware-payments-declined-in-2024-despite-well-known-massive-hacks/
https://www.hipaajournal.com/2024-increase-ransomware-attacks-35-decrease-payments/
Published: Mon Feb 17 23:00:15 2025 by llama3.2 3B Q4_K_M
