Skip links
Newsletter
IT & Media
powered by women
Moonshot News
Russian cyberattacks on Ukraine

Ransomware payments have changed dramatically

Moonshot.news
Author
Published on:

Ransomware payments fell 35% in 2024 from 2023 record-breaking $1.25 billion down to $813.55 million, marking the first revenue decline since 2022, US blockchain data platform Chainalysis reports.  “Midway through 2024, ransomware payments were on pace for another record breaking year, but the environment has changed dramatically. Despite more claimed victims, a major uptick in data leak sites, and the largest ever ransomware payment, total ransomware revenues plunged by a third compared to 2023.”

“This stunning reversal was driven by law enforcement disruptions, sanctions actions, and increased victim defences, with more organisations refusing to pay ransoms”, says Jacqueline Burns Koven, the company’s head of cyber threat intelligence.

Key findings:

  • Swifter attacks, fewer payouts: Negotiations begin within hours of data exfiltration, but according to incident response data, only about 30% lead to payments as more victims restore from backups.
  • The fall of LockBit: The once dominant ransomware-as-a-service (RaaS) group saw payments plummet by 79% after disruption by the NCA and FBI. RansomHub absorbed displaced affiliates and posted the most victims in 2024, but didn’t receive payments at the scale of its predecessor.
  • Shifting laundering tactics: Most ransomware proceeds flow through centralised exchanges and personal wallets, but threat actors are increasingly turning to cross-chain bridges (to attempt to obscure the movement of funds)and relying less on mixers — likely due to enforcement actions.

The report says the ransomware landscape experienced significant changes in 2024, with cryptocurrency continuing to play a central role in extortion.

Read Also:  Generative AI a new headache for cybersecurity

“Many attackers shifted tactics, with new ransomware strains emerging from rebranded, leaked, or purchased code, reflecting a more adaptive and agile threat environment.”

“Ransomware operations have also become faster, with negotiations often beginning within hours of data exfiltration. Attackers range from nation-state actors to ransomware-as-a-service (RaaS) operations, lone operators, and data theft extortion groups, such as those who extorted and stole data from Snowflake, a cloud service provider.”

The report quotes Lizzie Cookson, Senior Director of Incident Response at Coveware, a ransomware incident response firm, saying:

“The market never returned to the previous status quo following the collapse of LockBit and BlackCat/ALPHV. We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share, as we had seen happen after prior high profile takedowns and closures.”

“The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands.”

World Economic Forum predicts that Generative AI is augmenting cybercriminal capabilities and will contribute to an uptick in attacks manipulating people to share information they shouldn’t share.

Read Also:  Industry and public sector need to cooperate in fighting cybercrime

“Ultimately, overcoming today’s challenges requires not just technological innovation but a shift in perspective. Cyber resilience must be recognised as a collective responsibility, with organisations of all sizes working together to fortify the interconnected networks that underpin the digital economy.”

“Further, there is a need for decisive leadership action to prioritise cybersecurity among and between organisations; beyond technical indicators, robust criteria rooted in the economic implications of cyber insecurity will be required. A united leadership team, in which business and cyber leaders see eye to eye on the cyber risks facing the organisation, is critical to navigating growing cyber complexity.”

“While 66% of organisations expect AI to have the most significant impact on cybersecurity in the year to come, only 37% report having processes in place to assess the security of AI tools before deployment”, the WEF outlook reports.

7% of cyberattacks and data leaks will by 2027 involve generative AI. Since the release of GenAI, attackers are increasingly using tools along with large language models (LLMs) to carry out large-scale attacks, marketing research firm Gartner says in a forecast.

Worldwide end-user spending on information security is projected to total $212 billion in 2025, an increase of 15.1% from 2024. Global information security end-user spending is estimated to reach $183.9 billion in 2024.

“The continued heightened threat environment, cloud movement and talent crunch are pushing security to the top of the priorities list and pressing chief information security officers (CISOs) to increase their organisation’s security spend,” says Shailendra Upadhyay, senior researcher at Gartner.

Read Also:  Increase of companies suffering cyber threats

Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

You may also like

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.