Cryptocurrency ransom payments saw a 35% drop in 2024, despite a reported rise in attacks.
This sharp decline is largely thanks to beefed-up international law enforcement and growing victim resilience, spurred by better cybersecurity practices.
Only about half of all ransomware incidents resulted in payments, a substantial shift from the previous year.
Lizzie Cookson from Coveware highlighted the fragmentation in the ransomware scene following notable disruptions like the collapse of notorious groups LockBit and BlackCat/ALPHV.
While lone actors swooped into the void, no single entity could reclaim the market dominance of their predecessors. “We saw a rise in lone actors, but smaller groups are now dominating low- and mid-level ransom demands,” she told Chainalysis.
Russia and Iran, meanwhile, have emerged as hotbeds for the creation and deployment of these ransomware strains.
LockBit, previously one of the world’s most feared ransomware groups, was severely disrupted by the National Crime Agency (NCA) and FBI’s collaborative efforts, which proved pivotal in reducing their operational capacity.
In a similar thread, Iranian cyber attackers have been sanctioned for involvement in ransomware attacks, with Chainalysis documenting significant connections in on-chain data linking Iranian hackers to multiple ransomware variants.
The forced exit of dominant groups and emergence of new players have created a complicated playing field, yet international law enforcement seems to be keeping up, evidenced by the rapid decline in payments post-July 2024.
The Bigger Picture: Ransomware is essentially a malware that infects a user’s system, locking them out.
The concept isn’t directly linked to cryptocurrencies but scammers more often than not demand payments to be made in Bitcoin or other privacy-focused coins such as Monero, with the assumption that such transactions are more challenging for law enforcement agencies to track down.
This notion has been challenged in recent years, with cybersecurity experts (including Chainalysis) working with law agencies to track the destinations of the transactions or the Wallets linked to the malware.
So, it isn’t surprising that more and more victims are emboldened to not pay up.
Do you want to plan your financial future? Fire Fast by Dzambhala is the right tool for you.
Join the vibrant privacy-ensured Dzambhala community on
Want to give feedback on this story? Write to us.