Ransomware payments made in 2024 totaled hundreds of millions of dollars, but the total amount dropped by 35% compared to the previous year, according to blockchain analysis firm Chainalysis.
Chainalysis found that ransomware attack victims paid out a total of $813.55 million in 2024, compared to $1.25 billion in 2023. It’s worth noting that ransomware payments are typically made in cryptocurrencies and this is an estimation of their value in US dollars.
There were a few very large payments made to ransomware groups in the first half of 2024, including a record-breaking $75 million payment to the Dark Angels gang.
With payments in H1 2024 totaling nearly $460 million, Chanalysis expected the total by the end of the year to surpass the amount paid out to cybercriminals in 2023. However, there was a drop of roughly 79% in the second half of the year.
This was due in large part to the law enforcement action against LockBit and the BlackCat group’s exit.
“The market never returned to the previous status quo following the collapse of LockBit and BlackCat/ALPHV. We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share, as we had seen happen after prior high profile takedowns and closures,” said Lizzie Cookson, senior director of incident response at ransomware response firm Coveware.
“The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands,” Cookson added.
More than 50 new ransomware leak sites emerged in 2024 and the number of victims named on such sites increased last year. However, the data collected by Chainalysis indicates that fewer victims paid a ransom.
Data from incident response firm Kivu Consulting showed that roughly 30% of victims pay up. However, organizations are increasingly able to recover from attacks without giving in to the hackers’ demands.
Additional information, including ransomware case studies and details on the laundering methods used by cybercriminals, are available in Chainalysis’ report.
Related: Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024
Related: Record Number of Ransomware Attacks in December 2024
Related: UK Considers Banning Ransomware Payment by Public Sector and CNI
