The Ransomware business received a success in 2024, and payments fell 35% year after year, according to a new Chainysis report.
Although the number of ransomware attacks increased by 2024, ransomware gangs earned less money, obtaining $ 814 million compared to the 2023 record sum of $ 1.25 billion. The Blockchain analysis firm attributes the decline to a variety of factors, including an increase in the actions and sanctions of application of the law, as well as a growing negative by the victims to pay their attackers.
Last year, less than half of all registered ransomware attacks resulted in victims payments. Jacqueline Burns Koven, chief of intelligence of cyber threats of the chain, told Coindesk that part of the non -payment tendency can be attributed to a growing distrust that complying with the demands of the attackers will really result in the stolen data of the victims are eliminated from the possession of the attacker.
In February 2024, the American insurance company United Healthcare paid a rescue of $ 22 million to the Russian Russian Blackcat gang after one of its subsidiaries was raped and the patient data exposed. But Blackcat implused shortly after the rescue was paid, and the data of United Healthcare had paid to protect was leaked. In the same way, the demolition of another Ransomware gang, Lockbit, by the United States Police and the United Kingdom in early 2024 also revealed that the group actually did not eliminate the data of the victims as promised.
“What illuminated is that the payment of a rescue is not a guarantee of data elimination,” Koven said.
Koven added that, even if Ransomware victims wanted to pay, their hands are often tied by international sanctions.
“There have been a series of sanctions against different ransomware groups and for some entities, it is outside its risk threshold to be willing to pay them because it constitutes the risk of sanctions,” Koven said.
The chain report points to another reason for the decrease in payments in 2024: victims are knowing. Lizzie Cookson, senior director of response to incidents in Coveware, a Ransomware incident response firm, told Chainysis that, due to better cyber hygiene, many victims are now better capable of resisting the demands of the attackers.
“Ultimately, they can determine that a deciphered tool is their best option and negotiate to reduce the final payment, but more often, they find that the restoration of recent backups is the fastest and faster way,” said Cookson In the report.
Challenges to collect
The Chainysis report also suggests that ransomware attackers are also fighting their bad profits obtained. The firm found a “substantial decrease” in the use of cryptographic mixers in 2024, which the report attributed to the “disruptive impact of the sanctions and the actions of application of the law, such as against the squad, the cash of Tornado and Sinbad” .
Last year, more ransomware actors simply maintained their funds on personal wallets, according to the report.
“Interestingly, Ransomware operators, a mainly financially motivated group, refrain from charging more than ever,” he said. “We attribute this to a greater precaution and uncertainty in the midst of what is probably perceived as the unpredictable and decisive actions of the police the services that participate or facilitate ransomware washing, which results in insecurity between the threat actors about where they can put their funds safely. “
Thinking about the future
Despite the clear impact of police repression against Ransomware gangs last year, Koven emphasized that it is too early to say if the downward trend is here to stay.
“I think it is premature to be celebrating, because all the factors are there to reverse in 2025, so that those great attacks, the hunting of great games, resume,” Koven said.
You can read the full report here on the Chainysis blog.
