Malicious Hackers Collected Fewer Ransom Payments in 2024
Threat actors could diversify their methods in response to the decline in ransom payments. That's according to new research from Chainalysis.
![Ransom payments decline under $1 billion in 2024](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltcacc0e3e5995774d/67aa444e981e3d48d7837616/Ransomware_2025.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Ransom payments dropped by 35% last year after hitting a record-setting $1.25 billion in 2023.
That’s according to Chainalysis, the blockchain analytics company. Ransomware attackers received more than $813 million in payments last year.
Last year’s decrease in ransom payments is due to increased law enforcement, better international collaboration and more victims refusing to pay.
“In response, many attackers shifted tactics, with new ransomware strains emerging from rebranded, leaked or purchased code, reflecting a more adaptive and agile threat environment,” Chainalysis said. “Ransomware operations have also become faster, with negotiations often beginning within hours of data exfiltration. Attackers range from nation-state actors to ransomware-as-a-service (RaaS) operations, lone operators and data theft extortion groups, such as those who extorted and stole data from Snowflake, a cloud service provider.”
![Chainalysis_Ransomware_Chart_2025.png](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt7912b749a018be70/67aa429c824b2e2abc56567e/Chainalysis_Ransomware_Chart_2025.png?width=700&auto=webp&quality=80&disable=upscale)
Courtesy: Chainalysis
Ransom Payments Drop In H2 After Increasing in H1
Ransom payments were tracking higher during the first half of 2024, then fell during the second half of the year.
This slowdown resembled the second-half declines in ransom payments seen each year since 2021, according to Chainalysis. However, last year's decline was more pronounced than in the last three years.
Casey Ellis, founder of Bugcrowd, said this drop in ransom payments is a “fascinating” trend, but not entirely surprising when you dig into the dynamics at play.
![Bugcrowd's Casey Ellis](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltd00332544e97de44/6525c949e697903a985aa7f9/Ellis-Casey_Bugcrowd.jpg?width=700&auto=webp&quality=80&disable=upscale)
Bugcrowd's Casey Ellis
“The combination of increased law enforcement pressure, better international collaboration and organizations refusing to pay is clearly making a dent,” he said. “It's a testament to the fact that the pay or don't pay debate is evolving into a broader conversation about resilience and deterrence. Will this trend continue in 2025? It's possible, but I wouldn't bet the farm on it. The ransom business model is an arms race, and threat actors are nothing if not adaptable. When one revenue stream dries up, they pivot. We've already seen a shift toward exfiltration-based extortion, stealing data and threatening to leak it if the ransom isn't paid. This tactic sidesteps some of the technical challenges of encrypting data and plays on the victim's fear of reputational damage.”
Ransomware Attackers Could Further Diversify Methods
The decrease in ransom payments might push attackers to diversify their methods further, Ellis said. For example, there could be more focus on supply chain attacks or targeting critical infrastructure, where the stakes, and the potential payouts, are higher. It's like squeezing a balloon: pressure in one area just makes it bulge somewhere else.
“Ultimately, this trend underscores the need for a multipronged approach to ransomware,” he said. “It's not just about making it harder for attackers to succeed; it's about making the entire ecosystem less profitable for them. That means better defenses, smarter incident response and continued collaboration [among] governments, law enforcement and the private sector. The fight's far from over, but this is a step in the right direction.”
Darren Guccione, Keeper Security’s CEO and co-founder, said the decrease reflects the growing emphasis on improving cybersecurity practices, including stronger compliance requirements and a shift in victim behavior as more organizations choose not to pay ransoms.
![Keeper Security's Darren Guccione](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb7ee2ff23778f991/6525c7b4df06b532a6259c46/Guccione-Darren_Keeper-Security.jpg?width=700&auto=webp&quality=80&disable=upscale)
Keeper Security's Darren Guccione
“While this is a positive step, it's not entirely unexpected given the industry's growing awareness and improved defenses, including enhanced strategies and modern cloud-based solutions like privileged access management (PAM), which help to both mitigate risks and significantly limit the damage if an attack does occur,” he said. “As organizations become better equipped, we hope to see this trend continue into 2025. However, we know cybercriminals never stop adapting their tools and tactics. With fewer financial rewards from ransom payments, they may turn to alternative methods of extortion, such as data theft, blackmail or exploiting other vulnerabilities. The decrease in ransom payments is encouraging, but individuals and organizations alike must stay vigilant and prepared, as it's crucial to stay protected against evolving tactics.”
Not Paying Could Be More Damaging
Ngoc Bui, cybersecurity expert at Menlo Security, said while paying ransoms might incentivize threat actors, the reality is not paying could be more damaging, especially for organizations involved in critical infrastructure.
“The disruption from ransomware can be catastrophic, and organizations must prioritize protecting operations and stakeholders,” she said. “Organizations that suffer a ransomware attack should also use it as a learning opportunity to adjust their security measures and ensure they are using actionable intelligence to do so.”