Ransomware payments fell by more than a third last year to $813m (£650m) as victims refused to pay cybercriminals and law enforcement cracked down on gangs, figures reveal.
The decline in such cyber-attacks – where access to a computer or its data is blocked and money is then demanded to release it – came despite a number of high-profile cases in 2024, with victims including NHS trusts in the UK and the US doughnut firm Krispy Kreme.
Ransomware payments last year fell from a record $1.25bn in 2023, said the research firm Chainalysis, which published the payment data on Wednesday. It said payments dropped off sharply in the second half of the year, reflecting the impact of action taken against cybercriminals and a refusal to pay.
The 2024 total is also lower than the $999m and $1.1bn recorded in 2020 and 2019, respectively. In ransomware attacks, criminals access their victims’ IT systems, steal data and lock up files by encrypting them. The assailants then demand a ransom payment, typically in bitcoin, to decrypt the files and return the data.
Jacqueline Burns Koven, head of cyber threat intelligence at Chainalysis, said the new figures indicated that a “ransomware apocalypse” had been averted. “For years now, the cybersecurity landscape seemed hurtling towards a so-called ransomware apocalypse, so this sharp decline, to levels even lower than those in 2020 and 2021, speaks to the effectiveness of law enforcement actions, improved international collaboration, and a growing refusal by victims to cave in to attackers’ demands,” she said.
However, Burns Koven said the downward trend in payments was “fragile” and that ransomware attacks remained “prolific”.
In further evidence of victims refusing to meet attackers’ demands, in the second half of last year sums demanded by cyber gangs were 53% higher than the actual payouts – despite an increase in the number of ransomware attacks.
Over the same period the number of ransomware-related “on-chain” payments – the term for payments registered on a blockchain that records crypto transactions – declined, indicating fewer payments by victims.
One expert said a coordinated international operation in February last year to take down a leading ransomware gang, LockBit, appeared to have had an effect, as did the disappearance of another cybercrime outfit called BlackCat/ALPHV.
“The market never returned to the previous status quo after the collapse of LockBit and BlackCat/ALPHV,” said Lizzie Cookson, of the ransomware response firm Coveware. “The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands.”
In the UK, ministers are considering banning schools, the NHS and local councils from making ransomware payments.
Under the proposals, payouts by private companies will have to be reported to the government and could be blocked. Reporting ransomware attacks could also be made mandatory if the government consultation leads to legal changes.