Ransomware Payments Dropped 35% In 2024

An anonymous reader quotes a report from CyberScoop: Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity to date. Chainalysis itself warned in its mid-year report that 2024's activity was on pace to reach new heights, but attacks in the second half of the year tailed off. The total amount in payments that Chainalysis tracked in 2024 was $812.55 million, down from 2023's mark of $1.25 billion.

The disruption of major ransomware groups, such as LockBit and ALPHV/BlackCat, were key to the reduction in ransomware payments. Operations spearheaded by agencies like the United Kingdom's National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) caused significant declines in LockBit activity, while ALPHV/BlackCat essentially rug-pulled its affiliates and disappeared after its attack on Change Healthcare. [...] Additionally, [Chainalysis] says more organizations have become stronger against attacks, with many choosing not to pay a ransom and instead using better cybersecurity practices and backups to recover from these incidents. [...] Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.

You can read the full report here.

Trump will change this

[Anonymous Coward]

As the FBI and other government agencies are gutted, the ransomware gangs will again rise and live to fight again.

Re:

[OrangAsm]

They'll just have start taking cash and children.

Re:

[ShanghaiBill]

1. These are not "gangs". Most ransomware attacks are by individuals.

2. Most ransomware attacks originate in Russia, where the FBI has no jurisdiction.

Re:Trump will change this

[bleedingobvious]

Most ransomware attacks are by individuals.

All the facts disagree with this claim. Where are we pulling this from?

The tooling has segregated. Multiple entities are coordinating in multiplle ways. These entities specialize in each part of the kill chain - acccess, CnC, persistence, automation.....

This idea of the luser script kiddie is 40 years out of date. These are dedicated, incentivized, actors and underplaying the risks they represent, the technological capabilities they have developed and the complexity of the infrastrucure and shadow markets they engage in is a mistake.

Some of these are legit corps with HR departments, bonus structures, pensions, etc

Re:

[geekmux]

1. These are not "gangs". Most ransomware attacks are by individuals.

2. Most ransomware attacks originate in Russia, where the FBI has no jurisdiction.

Yeah. You’re right. Those massive APT groups operating out of Russia, China, and North Korea aren’t gang members,

They’re more like government employees.

Cryptocurrency ain't useful if you can't spend it

[Powercntrl]

Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.

I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.

So, that pretty much leaves just the greater fool speculative trading game as the only practical use for cryptocurrency.

Re:

[dohzer]

Can't spend it?! Did you miss the story about the guy who purchased a pizza with BTC?

Re:

[Powercntrl]

I know you're making a joke, but the Bitcoin pizza guy actually had to have a 3rd party order (and pay for, using real money) the pizza on his behalf. It's been awhile since I've ordered from Papa John's (their pizza really isn't that good compared to the smaller mom and pop places near me), but last I checked they don't accept cryptocurrency.

I'd imagine anyone looking to order a pizza without first exchanging their cryptocurrency would likely end up going hungry.

Re:

[geekmux]

Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.

I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.

So, that pretty much leaves just the greater fool speculative trading game as the only practical use for cryptocurrency.

I hate to point out the obvious, but if you happen to be NOT a piece of shit ransomeware criminal, you could actually USE a digital wallet for transactions without fear of law enforcement watching what you do.

Pretty sure an audit of the Federal Reserve would reveal financial crimes on an incomprehensible scale. Doesn’t mean the concept of banks or money becomes pointless and worthless. Maybe not toss the baby out with the bathroom remodel.

Better cybersecurity practices and backups

[Canberra1]

More waffle and incompetence. What is a better backup? You have a workable recovery process - or you do not. Better cybersecurity - I doubt it , its still pick up the phone and cry 'help' - followed by PR to get them to tell lies or waffle. The next wave of attacks will be smarter - insider trading or moving to targets with info people will pay for. As for health insurance medical data leaks - you are already hosed, just try ring around to get quotes -- exactly the same if they got wind of genetic tests, o

Re:

[Sique]

Your sentiments aside, but each entity which once was victim to a ransomware attack and recovered now has at least experience how to recover. And that's a big bonus in terms of cybersecurity. They now know where they have copies of old data. They now know who to ask to set the server up again. They now know which firmware to reflash, and which hardware to throw out because recovering is more expensive than to buy new. And foremost, they now know how to continue operation until the ransomware attack is fixed

Sad

[multi io]

Economic hardship is hitting everyone. So sad.

Escalation inbound

[bleedingobvious]

We already have LLMs doing battle with each other in this space

Now have to worry about where and how this will escalate.... We have plenty evidence these actors care not one jot about human life

Why did people stop backing up their data?

[mea_culpa]

This used to be a thing. 3-2-1 backups. I don't know what happened over the past 20 years where backups stopped being important. More reliable HDDs maybe? Hopefully ransomware has shocked enough people to make them important again.

Re:

[Bert64]

Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost.
Similarly if you never need to restore the backups, many places never actually test to see if restoring is possible.

Then you have a disaster where you actually need the backups, and they don't exist or don't work.

Re:

[geekmux]

This used to be a thing. 3-2-1 backups. I don't know what happened over the past 20 years where backups stopped being important.

Theres an easy answer for this. The birth of the ubiquitous “cloud”. And all of the lies sold with it.

The old way you lost data, was storing it locally and suffering a crash. Once users were told data wasn’t stored locally anymore, the concern about data loss subsided. Then more local features were added to recover from the usual “oops” reasons you maintain backups (Recycle Bins, System Restore, Snapshots, etc.), so users really stopped giving a shit about backing up.

That m