Ransomware payments plummeted by more than a third last year, totaling $813 million, according to recent figures. The reluctance of victims to comply with cybercriminals’ demands and the increased crackdown on criminal gangs by law enforcement agencies contributed to this significant decline in payments. Despite several high-profile cases in 2024, such as the hacking of NHS trusts in the UK and the US-based doughnut company Krispy Kreme, the total amount paid in ransom dropped from the record $1.25 billion reported in 2023. Chainalysis, a research firm, released these payment statistics, noting a sharp decrease in payments during the second half of the year.
This downward trend in ransomware payments is a positive development that experts believe averted a potential “ransomware apocalypse.” Jacqueline Burns Koven, the head of cyber threat intelligence at Chainalysis, credited the effectiveness of law enforcement actions, improved international collaboration, and victims’ increasing refusal to comply with attackers’ demands for this decline. While acknowledging the progress made in deterring ransomware attacks, Burns Koven also cautioned that the downward trend in payments is fragile, and ransomware attacks continue to pose a significant threat.
In a notable shift, victims demonstrated a stronger resolve in the face of ransom demands. Despite a rise in the number of ransomware attacks, cyber gangs saw a 53% increase in the sums demanded compared to the actual payouts in the second half of the year. Additionally, there was a decline in ransomware-related “on-chain” payments, indicating a decrease in victims electing to pay the ransom.
The impact of international law enforcement actions, such as the takedown of the LockBit ransomware gang in February 2024 and the disappearance of BlackCat/ALPHV, is evident in the ransomware landscape. Lizzie Cookson, from the ransomware response firm Coveware, noted that the collapse of these criminal groups reshaped the market, with new entrants targeting smaller markets with more modest ransom demands. This shift signifies a change in the ransomware ecosystem following operations against prominent cybercrime outfits.
The UK government is also taking steps to address ransomware attacks by considering banning public bodies, including schools, the NHS, and local councils, from making ransom payments. The proposed measures would require private companies to report ransom payments to the government and could potentially block these transactions. The government consultation may lead to mandatory reporting of ransomware attacks to facilitate legal changes aimed at enhancing cybersecurity measures.
Overall, the decline in ransomware payments in 2024 reflects a positive shift in the fight against cybercrime, highlighting the importance of collaboration between law enforcement agencies, businesses, and individuals in combatting ransomware threats. However, as ransomware attacks continue to evolve, maintaining vigilance and implementing robust cybersecurity strategies remain essential to safeguarding against future threats.