In 2024, a Significant Number of Individuals Opted Against Complying with Ransomware Demands: Study
In 2024, ransomware victims parted with 35% less cash to cybercriminals compared to the previous year, despite a rise in attacks, as revealed in a report by blockchain research firm Chainalysis. The hefty drop, from $1.25 billion in 2023 to $813.55 million, can be attributed to several factors.
Firstly, international law enforcement operations took down some major hacking groups, like Lockbit, and others ceased operations unexpectedly. In February, multinational law enforcement agencies, including the FBI and the UK's National Crime Agency, made several arrests and seized servers and websites used by Lockbit, believed to have orchestrated thousands of attacks costing victims over $120 million. Later, prolific group Blackcat or ALPHV, stopped operating, with an alleged seizing by law enforcement, although some agencies denied involvement. Some experts suspected an exit scam.
Chainalysis's report indicated a widening gap between the sum demanded by attackers for relinquishing compromised data and the actual amount victims were willing or able to pay. With many organizations adopting stronger cybersecurity measures and resorting to better backups, they've successfully avoided paying ransoms following incidents. In fact, according to reliability data, 70% of victims did not pay extortionists.
Unfortunately, obtaining accurate data on the exact number of ransomware attacks and their repercussions remains a challenge. Leak sites publishing ransomware gangs' infiltrations are rife with fabrications and duplications. Furthermore, victims often downplay attacks and maintain confidentiality regarding negotiation details.
The total ransom paid out in 2024 was lower than in 2020 and 2021, despite the figure being poised to surpass earlier years following the first half of the year. Payments dramatically dropped between July and December, a trend that has become prominent in recent years, but remarkably intense in 2024.
Lizzie Cookson, senior director of incident response at Coveware, stated, "The market never returned to the previous status quo following LockBit and BlackCat/ALPHV's collapse. We saw a surge in lone actors, but no prominent group capitalized on their market share. The current ransomware landscape is flooded with newcomers focusing primarily on smaller markets associated with more modestly priced ransom demands."
The decrease in ransom payments could be a sign of the future, as technology advances allow for more robust cybersecurity measures. As tech companies continue to innovate, we may see a further reduction in the effectiveness of ransomware attacks.
Moreover, the current trend of law enforcement cracking down on major hacking groups is expected to continue, potentially disrupting the tech-driven criminal economy of ransomware operations.
