For the first time in recent history, ransomware gangs have seen a substantial decline in payments, marking a shift in the ongoing battle between cybercriminals and law enforcement agencies.
A new report from Chainalysis reveals that ransomware payments in 2024 dropped by approximately 35%, from $1.25 billion in 2023 to $812.55 million. The decline, which became evident in the second half of the year, followed significant law enforcement actions targeting major ransomware groups, including LockBit and AlphV/BlackCat.
The data indicates that victims are increasingly resisting extortion attempts, both due to heightened distrust in ransomware actors and improved cyber defenses. Law enforcement efforts have disrupted key players in the ransomware ecosystem, causing uncertainty among cybercriminals and their affiliates. For executives in the cybersecurity and technology industries, the findings reiterate the importance of ongoing awareness, proactive defense strategies, and collaboration with law enforcement to sustain this progress.
Despite the decrease in payments, the total number of ransomware breaches in 2024 was the highest ever recorded, with over 5,263 successful attacks. This suggests that while organizations are becoming more resistant to paying ransoms, cybercriminals are not slowing down their operations. Instead, they are shifting tactics, such as increasing data leak disclosures to pressure victims into compliance.
Why It Matters: This decline in ransomware payments is a sign that corporate defenses, government interventions, and industry-wide resilience efforts are making a tangible impact. However, the record number of attacks shows that the threat is far from over, and organizations can’t let their guard down just yet. Ransomware gangs are adapting, finding new ways to pressure victims, and looking for different ways to profit. Companies need to stay proactive by improving defenses, collaborating with experts, and preparing for the next wave of cyber threats.
- Ransomware Payments Dropped by 35%: The total extortion paid by victims fell from $1.25 billion in 2023 to $812.55 million, marking the first decline in years. This shift is attributed to law enforcement efforts, growing distrust in ransomware groups, and improved corporate security postures that make paying less appealing.
- Fewer Victims Are Giving In to Demands: Only 30% of organizations targeted by ransomware in 2024 entered negotiations, and an increasing number chose not to pay. Companies are opting for better-prepared recovery strategies, leveraging backups and incident response plans rather than funding cybercriminals.
- Law Enforcement Disruptions: Targeted operations against LockBit and AlphV/BlackCat disrupted key players in the ransomware-as-a-service ecosystem. These actions not only dismantled some of the most prolific groups but also created uncertainty among their affiliates, leading to fewer successful ransom collections.
- Attackers Are Pivoting Strategies: Despite the decline in ransom payments, the number of ransomware breaches reached a record 5,263 in 2024. Cybercriminals are increasing data leak disclosures to pressure victims and experimenting with alternative monetization strategies to compensate for lost revenue.
Ransomware Payments Drop for First Time in Years Following Law Enforcement Disruptions – The Record
Ransomware Payments Fell by 35% in 2024, Totalling $813,550,000 – Bleeping Computer
