Ransomware activity took a hit in 2024, with payments falling 35% year over year, according to a new report by Chainalysis.
Although the number of ransomware attacks increased in 2024, ransomware gangs earned less money, pulling in $814 million compared to the record sum of $1.25 billion. The blockchain analysis firm attributes the decline to a variety of factors, including an increase in law enforcement actions and sanctions, as well as a growing refusal by victims to pay their attackers.
Last year, less than half of all recorded ransomware attacks led to victim payments. Jacqueline Burns Koven, Chainalysis' head of cyber threats, told CoinDesk that part of the non-payment trend can be attributed to increasing distrust that complying with attackers' demands will actually result in victims' stolen data being deleted from the attackers' possession.
In February 2024, the American insurance company United Healthcare paid a $22 million ransom to the Russian ransomware gang BlackCat after one of its subsidiaries was breached and patients' data exposed. But BlackCat imploded shortly after the ransom was paid, and the data that United Healthcare had paid to protect was leaked. Likewise, the takedown of another Russian ransomware gang, LockBit, by law enforcement in the United States and the United Kingdom at the beginning of 2024 also revealed that the group had not actually deleted victims' data as promised.
“What has come to light is that the payment of a ransom is not a guarantee of data being deleted,” said Koven.
Koven added that even if ransomware victims wanted to pay, their hands are often tied by international sanctions.
“There was a series of sanctions against different ransomware groups, and for certain entities it is outside their risk threshold to be willing to pay them because it constitutes a sanctions risk,” said Koven.
Chainalysis’ report indicates another reason for the decrease in payments in 2024: the victims are resisting. Lizzie Cookson, principal director of incident response at Coveware, a ransomware incident response company, told Chainalysis that, thanks to improved cyber hygiene, many victims are now better able to resist attackers' demands.
“They can finally determine that a decryption tool is their best option and negotiate to reduce the final payment, but more often they find that the restoration of recent backups is the faster and more profitable route,” said Cookson in the report.
Challenges cashing out
The Chainalysis report also suggests that ransomware attackers are finding it difficult to cash out their ill-gotten gains. The firm noted a “substantial decline” in the use of crypto mixers in 2024, which the report attributed to “the disruptive impact of the sanctions and law enforcement actions, such as those against Chipmixer, Tornado Cash and Sinbad.”
Last year, more ransomware actors simply held their funds in personal wallets, according to the report.
“Curiously, ransomware operators, a mainly motivated group, are refraining from cashing out more than ever,” the report said. “The services participating in or facilitating the laundering of ransomware, resulting in insecurity among threat actors as to where they can safely put their funds.”
Looking ahead
Despite the clear impact of last year's law enforcement crackdown on ransomware gangs, Koven stressed that it is too early to say whether the downward trend is here to stay.
“I think it is premature to celebrate, because all the factors are there for it to reverse in 2025, for these big attacks – the big game hunting – to resume,” said Koven.
You can read the full report here on the Chainalysis blog.