The Ransomware business was a hit in 2024, with payments down 35% year-on-year, according to a new report from Chainalysis.
The number of ransomware attacks rose in 2024, but ransomware gangs made money, pulling in $814 million compared to the record high of 2023 $1.25 billion. Blockchain analytics companies have been driven by a number of factors, including increased law enforcement actions and sanctions, and increased refusal to pay by attackers.
Last year, less than half of all recorded ransomware attacks resulted in victim payments. Jacqueline Burns Koven, head of Cyber Threat Intelligence, told Coindesk that some of the non-payment trends would be removed from the attacker’s ownership by following the attacker’s request. He said it could be due to the rise.
In February 2024, US insurance company United Healthcare paid a $22 million ransom to Russian ransomware gang black cat after one of its subsidiaries was breached and patient data was exposed. However, the Black Cat collapsed shortly after the ransom was paid, leaking data paid by United Healthcare for protection. Similarly, the takedown of Rockbit, another Russian ransomware gang by US and UK law enforcement in early 2024, did not actually delete the victim’s data as the group has actually promised. It has been revealed that.
“What illuminates this is that ransom payments are not guarantees of data deletion,” Koven says.
Coven added that even if ransomware victims wanted to pay, their hands are often tied to international sanctions.
“There are different types of sanctions on ransomware groups, and some entities are outside the risk threshold that they are willing to pay because it constitutes sanction risk,” says Koven.
Chain Orisis’ report points to another reason for the decline in payments in 2024. The victim is confused. Lizzie Cookson, senior director of incident response at ransomware incident response company Coveware, told Chainalysis that improved cyber hygiene has allowed many victims to resist the demands of attackers.
“In the end, we may decide that decryption tools are the best option and negotiate to reduce the final payment, but more often we will recover from recent backups faster and more It shows that it’s a cost-effective pass,” Cookson said in the report.
Challenges for cash out
Chain Orisys reports also suggest ransomware attackers struggle to cash out their fraudulent profits. The company discovered a “significant reduction” in the use of crypto mixers in 2024. The report was attributed to “the destructive impact of sanctions and law enforcement measures against Chipmixer, Tornado Cash and Sinbad.”
According to the report, more ransomware actors have just been holding funds in their personal wallets last year.
“Unusually, ransomware operators, a primarily financially motivated group, are refraining from acquiring more than ever,” he said. Services that are involved or promoted in ransomware laundering will create anxiety about where funds can be safely placed among threat actors. ”
I’m looking forward to it
Last year, despite the clear impact of law enforcement crackdowns on ransomware gangs, Coven stressed that it is too early to say whether the downward trend is here.
“I think it’s too early to celebrate all factors that are a massive game hunt as all factors are reversing in 2025,” Koven said. I said that.
You can read the full report on Chainalysis’s blog.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
