Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay.
While, throughout 2024, less than half of recorded incidents resulted in victims paying ransoms, and several major ransomware groups experienced disruption, Chainalysis is quick to mention that attackers are adapting to their new reality, rebranding and deploying new ransomware strains.
Changing Victim Behaviors
Changing victim behaviors are largely responsible for the fall in ransomware payments, with victims choosing backup recovery and alternative solutions over complying with ransom demands. In 2024, just 30% of ransomware negotiations resulted in payments, while the gap between demands and payments widened to 53%.
Jon Miller, CEO and Co-founder of Halcyon believes that victim organizations are better prepared for ransomware attacks, actively seeking experienced consultants and incident responders to minimize attack disruption and subsequent ransom payments.
The Shifting Ransomware Threat Landscape
However, Miller also believes that a changing threat landscape is also responsible for falling ransomware payments. He argues that 2024 saw an influx of new ransomware groups, who tend to make smaller ransom demands than their larger, more established peers.
“The latest reporting indicates there were more attacks in 2024, but the total sum of ransom payments was less than the record set for 2023. This could be chalked up to more groups with less experienced operators, or by choice, they decided that multiple smaller ransom payments were a better option than fewer large ransoms that would draw the attention of LEO – they are trying to fly below the radar,” he said.
The Chainalysis report supports Miller’s claims, highlighting that several major ransomware groups either experienced disruption or disappeared completely in 2024. For example, after LockBit and ALPHV/BlackCat fell off the map, newer groups like RansomHub (which absorbed displaced operators from LockBit and BlackCat) and Fog emerged to fill the power vacuum they left behind.
Looking Ahead
While it’s encouraging that ransomware payments are falling, the cybersecurity industry must not become complacent. If we want to see ransomware payments continue falling, law enforcement action needs to ramp up further, and victim organizations need to up their resilience. For Chanalysis, collaboration between cybersecurity firms, law enforcement, and blockchain experts is essential to further reduce ransomware threats.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.