- In 2024, the money paid to bad actors for ransomware went down by 35%, despite the persistent attacks.
- Just 60% to 70% of affected entities paid ransoms; others recovered data via backups or free decryption applications.
- The pressure from law enforcement, as well as sanctions on virtual assets, is making it difficult for bad actors to access their gains.
A firm that provides analytics on Blockchain, Chainalysis, recently disclosed data hinting at the reduced percentage of ransomware payments in the year 2024. It recorded a 35% decline, highlighting an ideal turning point in the way organizations deal with these attacks.
This encouraging trend aligns with broader industry analyses, which track the evolving tactics, costs, and frequency of these attacks.
“Don’t Pay the Ransom”, Use Data Recovery Tools
In 2024, the record of file-encoding ransomware incidents went up, with about 60% to 70% of those affected remitting the ransom. These attacks continue to disrupt critical infrastructure and services, as seen in a recent incident where a ransomware attack crippled 1,000 systems at a Romanian water agency. The remaining percentage of victims recovered their data through means other than paying their attackers.
A lot of enterprises got back their data from backup storage, while some got aid from law enforcement, who provided them with free decryption apps to grant them access to their data. Others refused to strike a deal with the bad actors and instead resourcefully re-strategized their systems.
What had caused the shift? There has been an education process for victims. Victims realized that there was no assurance of your data returning when they paid the ransom. They reported that the bad guys did not give back the data as promised after payment, and in several cases, the bad guys kept duplicates of the stolen data on their server despite claiming to have wiped it off. In several instances, after paying ransoms, victims did not get the appropriate decryption packages requested.
To add insult to injury, victims who paid ransoms became targets for an additional attack, as they are more likely to remit a second time. Authorities have been actively telling the public, “Don’t pay the ransom.” Payments made in response to someone’s offer to decrypt your files only serve to create more ransom schemes. Many crime victims are starting to embrace this idea.
Hackers Struggle to Cash Out, Thanks to Crypto Sanctions
The decrease in ransomware payments can be attributed to another reason; when victims do make payment as part of ransom requests, there are times when hackers face issues in being able to use their earnings as intended.
According to Chainalysis, ransomware orchestrators have issues with cashing out their cryptocurrency. Due to active government sanctions as well as perpetual evaluation of the dark web from authorities like the FBI, it’s almost impossible for bad actors to trade their digital assets into cash.
These enforcement efforts exist alongside an ongoing debate about financial privacy in the digital age, with non-profit think tanks continuing to defend the use of crypto privacy tools like Tornado Cash despite sanctions.
Many cybercriminals now hold digital coins in wallets they cannot convert into real-world cash without risking capture. Many are planning for approximately mid- to late-2025 before attempting any conversion efforts, in hopes of more favourable circumstances as well as higher values on their digital currencies due to their volatility.
As a recent example, up until recent events, BTC experienced an approximate $90,000 market value just before the latest election cycle and cyber criminals are cognizant of these volatile movements in order to maximize their profits.
However, if they are patient, they can potentially be at risk of waiting. Law enforcement can continue tracking the hacker’s activity for an extended period of time. With each transaction, there is a corresponding identifiable mark on the Bitcoin blockchain, and networks of this size can lead to multiple arrests and seizures.
The Situation is Under Control, Temporarily
Although security professionals are hopeful, they are not yet celebrating. Experts consider the current environment manageable but warn that this sense of security may be short-lived, as many “quiet” cybercriminal groups could be regrouping with stronger strategies.
The downward trajectory in total ransom payments hints at the collective endeavors of the community; however, to foster compliance with ransom demands, organizations must invest in their backup solutions as well as comprehensive security tools that protect against both external attacks and internal threats, such as the recent incident where Block’s Cash App lost customer data to a former employee.
