The ransomware landscape saw a significant shift in 2024, with a year-over-year decrease of 35.82% in payments made by victims. This decline was driven by increased international collaboration in the fight against cybercrime, decisive action from law enforcement agencies, and a growing reluctance among businesses and individuals to pay the ransoms demanded by cybercriminals.
Evolution of Ransomware in 2024
In 2024, payments made to ransomware groups amounted to approximately $813.55 million, compared to $1.25 billion in 2023. This decrease marks the first drop in revenue for these groups since 2022, indicating a shift in the dynamics of cybercrime.
Despite a slight increase of 2.38% in payments recorded during the first half of the year, the trend changed dramatically starting in July, with a decline of 34.9% in the second half of the year. This pattern reflects a more pronounced slowdown than in the last three years and suggests that mitigation strategies have been more effective.
Impact of Law Enforcement Action and Changes in the Criminal Ecosystem
One of the biggest blows to ransomware in 2024 was the joint operation by the UK’s National Crime Agency (NCA) and the US Federal Bureau of Investigation (FBI), which succeeded in dismantling the infrastructure of LockBit, one of the most prolific variants. As a result, payments linked to LockBit fell by 79% in the second half of the year. Additionally, the disappearance of ALPHV/BlackCat in January 2024 left a gap in the criminal ecosystem that was not filled by a single actor, but rather by numerous smaller groups with less substantial ransom demands.
Victim Resilience and Changes in Payments
According to data from incident response firms, only 30% of negotiations end with the payment of a ransom, and the gap between the demanded sums and the amounts actually paid continues to grow. In the second half of 2024, the difference between these figures reached 53%, indicating that many victims are opting not to pay and are turning to backups or decryption tools instead.
According to Lizzie Cookson, Senior Director of Incident Response at Coveware, “thanks to improved cybersecurity measures and organizational resilience, many companies have managed to withstand attacks and recover their systems without having to pay the attackers.”
Changes in Cybercriminal Operations
Despite the decrease in payments, the total number of ransomware attacks continued to rise. Data from information leakage sites show that more organizations were listed as victims in 2024 than in any previous year. However, many of these listings were misleading: some included companies that had not been truly compromised or had only experienced minor attacks.
Corsin Camichel, a cybersecurity researcher at eCrime, explained that “more than 100 organizations were listed on multiple data leakage sites in 2024. Some postings simply repeated previous attacks or exaggerated the impact of incidents.”
New Threats and Emerging Trends
In 2024, new ransomware variants, such as Akira and Fog, also emerged that focused on exploiting vulnerabilities in VPNs to gain access to corporate networks. Additionally, the restructuring of ransomware groups has led to the proliferation of smaller-scale operations, segmenting the criminal market into low, medium, and high economic impact attacks.
On the other hand, ransomware activity by actors linked to Iran has continued to increase. Blockchain investigations have revealed connections between previously considered distinct threats, allowing for the identification of rebranding patterns and links between various strains of ransomware.
Outlook for the Future
2024 marked a turning point in the fight against ransomware. International cooperation, tightening security policies, and improvements in cybersecurity practices have significantly reduced the financial incentives for cybercriminals.
Despite these advances, the adaptability of ransomware groups remains a challenge. The emergence of new extortion tactics and the use of cryptocurrencies for money laundering suggest that the threat will not disappear but will evolve.
Experts believe that the key to continuing to reduce the impact of ransomware will be maintaining collaboration among governments, businesses, and cybersecurity professionals, as well as strengthening awareness and preparedness against potential attacks.
via: Chainalysis