Feb 07, 2025 08:00:00

Ransomware data ransom payments will be 35% lower in 2024 compared to 2023

A survey by blockchain information company Chainalysis revealed that the amount of data ransom payments made by cryptocurrency

ransomware fell by about 35% to $813.3 million (about 123 billion yen) in 2024 from a record high of $1.25 billion (about 190 billion yen) in 2023.

Crypto Ransomware 2025: 35.82% YoY Decrease in Ransomware Payments
https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/

Ransomware payments fell by 35% in 2024, totaling $813,550,000

https://www.bleepingcomputer.com/news/security/ransomware-payments-fell-by-35-percent-in-2024-totalling-813-550-000/

Global ransomware payments plunge by a third amid crackdown | Cybercrime | The Guardian
https://www.theguardian.com/technology/2025/feb/05/global-ransomware-payments-plunge-by-a-third-amid-crackdown

While Chainalysis has reported a significant decline in ransom payments, it has been reported (PDF file) that in 2024, a company selected by Fortune as one of its ' The Future 50, ' the world's top 50 companies, paid a record $75 million in ransom to the ransomware group 'Dark Angels.'

However, the decline in ransom payments does not necessarily mean that ransomware attacks are on the decline, as security analytics firm

Recorded Future reports that 56 new data leak sites were identified in 2024, more than double the number Record Future identified in 2023. And according to NCC Group , 2024 was the busiest year for ransomware attacks, with a total of 5,263 successful attacks .

However, the number of actual ransom payments is declining while the number of ransom demands from ransomware attacks is increasing. The graph below shows the number of data ransom demands (blue) and the number of actual ransom payments (orange) from ransomware attacks.

Chainalysis points out that this decrease in ransom payments is due to increased victim resistance and an increase in options for recovering from attacks. In addition, Lizzy Cookson, director of incident response at ransomware incident response company Coveware, points out that 'ransomware victims may ultimately decide that using a decryption tool is their best option and negotiate with attackers to reduce the ransom. In many cases, even if you are attacked, it tends to be faster and more cost-effective to restore from a recent backup.'

In addition, technology media BleepingComputer states, 'Awareness of the risk of ransomware breaches is growing across all industries, leading companies to increase investment in cybersecurity and implement stronger protective measures. Furthermore, paying the ransom does not guarantee that data will not be deleted by threat actors. As a result, an increasing number of organizations are recovering their data and systems from backups and refusing to negotiate with threat actors.'

In addition, in 2024, Rostiranev Panev, who contributed to the ransomware group LockBit by developing ransom payment tools, was arrested . This is expected to deal a major blow to LockBit's activities.

In addition, an international law enforcement operation aimed at dismantling LockBit was conducted in February 2024, and as a result of investigations by police organizations in 10 countries, including Japan, two LockBit operators were arrested. In addition, the crackdown on LockBit also led to the destruction of another cybercrime organization, 'BlackCat/ALPHV.'

International law enforcement forces arrest two LockBit operators suspected of attacking Nagoya Port and create tool to recover encrypted files for free - GIGAZINE

Chainalysis points out that these law enforcement actions and improved victim resilience have led to lower ransomware payments in 2024. Chainalysis also said, 'Sustained collaboration across agencies and innovative defenses will remain important to build on progress in 2024.'