Ransomware Payments Decrease by 35% in 2024
In 2024, the total amount of ransoms paid to ransomware hacker groups dropped by 35% compared to the previous year, totaling $813.55 million. For comparison, in 2023, this figure was $1.25 billion.
According to blockchain analysts at Chainalysis, only about 30% of victims who entered negotiations with ransomware groups in 2024 ended up paying any ransom at all. Meanwhile, data from NCC Group shows that 2024 set a record for the number of ransomware attacks, with 5,263 successful incidents reported over the year. Chainalysis statistics also confirm a growing number of leaks of stolen company data, indicating that cybercriminals are finding it harder to collect ransoms and are increasing their activity as a result.
Researchers report that the largest βsuccessβ for hackers in 2024 was the breach of an unnamed Fortune 50 company, which ultimately paid the Dark Angels group a record $75 million ransom.
Why Are Ransomware Payments Declining?
Experts link the decrease in ransom payments, despite the rise in attacks, to improved preparedness among victimized companies. Awareness of ransomware risks is growing across all industries, leading organizations to invest more in cybersecurity and implement more effective protection measures. Law enforcement operations targeting ransomware groups have also played a role, such as Operation Cronos against the LockBit group.
As a result, the median ransom amounts in 2024 decreased, even with the record set by Dark Angels. Negotiations often led to lower ransom payments as well.
How Ransomware Proceeds Are Laundered
When it comes to laundering ransom payments received in cryptocurrency, researchers note that criminals are increasingly moving away from mixer services and turning to cross-chain bridges, which help obscure transactions and make them harder to trace. Nevertheless, centralized exchanges remain the main method for cashing out funds: in 2024, 39% of all ransomware proceeds were laundered through these platforms.
However, more and more criminals are choosing to keep their ransomware earnings in personal wallets, hesitating to cash out due to fears of arrest.