Tuesday, May 6, 2025
Homecyber securityRansomware Payments Plunge 35% as More Victims Refuse to Pay

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

Published on

SIEM as a Service

Follow Us on Google News

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35% in 2024, falling from $1.25 billion in 2023 to $813.55 million, according to a report by blockchain analytics firm Chainalysis.

This marked the first substantial decline in ransomware payments since 2022, despite a record number of ransomware attacks during the year.

The decrease highlights the growing resilience of victims and the impact of intensified law enforcement actions.

- Advertisement - Google News

Evolving Tactics Amid Disruptions

The decline in payments is attributed to several factors, including improved cyber hygiene among organizations and international crackdowns on major ransomware groups.

Notable operations included the takedown of LockBit by U.S. and U.K. authorities, which led to a 79% drop in payments to the group during the second half of 2024.

Similarly, BlackCat’s exit from the ransomware ecosystem disrupted its operations, leaving smaller groups and lone actors to dominate the space.

These newer players have targeted smaller markets with lower ransom demands, further reducing overall payouts.

Despite these disruptions, ransomware actors have adapted their strategies.

New strains emerged from rebranded or leaked code, and negotiations with victims often began within hours of data exfiltration.

However, improved organizational defenses allowed many victims to resist demands, opting for recovery through backups or decryption tools rather than paying ransoms.

Victims Increasingly Resist Ransom Demands

Chainanalysis report revealed that only 30% of victims who entered negotiations with attackers ultimately paid a ransom in 2024.

This reflects a growing distrust in hackers’ promises to delete stolen data upon payment and an increased reliance on alternative recovery methods.

Incident response data showed that final payments were often significantly lower than initial demands, with many organizations refusing to pay altogether.

Organizations are now better prepared to recover from attacks without succumbing to extortion.

For example, restoring data from recent backups has proven faster and more cost-effective than paying ransoms.

The drop in ransomware payments underscores the importance of collaborative efforts between law enforcement agencies and private-sector cybersecurity experts.

Crackdowns on laundering mechanisms, such as crypto mixers, have further limited attackers’ ability to cash out their illicit gains.

However, experts caution that ransomware remains a persistent threat as attackers continue to evolve their tactics.

While the decline in payments is encouraging, the record number of attacks in 2024 serves as a reminder that organizations must remain vigilant.

Proactive measures such as robust cybersecurity protocols, employee training, and collaboration with law enforcement will be essential to sustaining progress against ransomware threats.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...