Sunday, June 15, 2025

Ransomware Payments Plunge 35% as More Victims Refuse to Pay


In a significant shift within the ransomware landscape, global ransom payments plummeted by 35% in 2024, falling from $1.25 billion in 2023 to $813.55 million, according to a report by blockchain analytics firm Chainalysis.

This marked the first substantial decline in ransomware payments since 2022, despite a record number of ransomware attacks during the year.

The decrease highlights the growing resilience of victims and the impact of intensified law enforcement actions.


Evolving Tactics Amid Disruptions

The decline in payments is attributed to several factors, including improved cyber hygiene among organizations and international crackdowns on major ransomware groups.

Notable operations included the takedown of LockBit by U.S. and U.K. authorities, which led to a 79% drop in payments to the group during the second half of 2024.

Similarly, BlackCat’s exit from the ransomware ecosystem disrupted its operations, leaving smaller groups and lone actors to dominate the space.

These newer players have targeted smaller markets with lower ransom demands, further reducing overall payouts.

Despite these disruptions, ransomware actors have adapted their strategies.

New strains emerged from rebranded or leaked code, and negotiations with victims often began within hours of data exfiltration.

However, improved organizational defenses allowed many victims to resist demands, opting for recovery through backups or decryption tools rather than paying ransoms.

Victims Increasingly Resist Ransom Demands

The Chainalysis report revealed that only 30% of victims who entered negotiations with attackers ultimately paid a ransom in 2024.

This reflects a growing distrust in hackers’ promises to delete stolen data upon payment and an increased reliance on alternative recovery methods.

Incident response data showed that final payments were often significantly lower than initial demands, with many organizations refusing to pay altogether.

Organizations are now better prepared to recover from attacks without succumbing to extortion.

For example, restoring data from recent backups has proven faster and more cost-effective than paying ransoms.

The drop in ransomware payments underscores the importance of collaborative efforts between law enforcement agencies and private-sector cybersecurity experts.

Crackdowns on laundering mechanisms, such as crypto mixers, have further limited attackers’ ability to cash out their illicit gains.

However, experts caution that ransomware remains a persistent threat as attackers continue to evolve their tactics.

While the decline in payments is encouraging, the record number of attacks in 2024 serves as a reminder that organizations must remain vigilant.

Proactive measures such as robust cybersecurity protocols, employee training, and collaboration with law enforcement will be essential to sustaining progress against ransomware threats.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
