Ransomware payments have significantly declined, dropping 35% year-over-year in 2024.

According to a report from blockchain intelligence firm Chainalysis, total payments amounted to $813.55 million, down from the staggering $1.25 billion recorded in 2023. Additionally, only about 30% of victims who engaged in ransom negotiations ended up making payments.

Despite the decline in payments, 2024 saw a record-breaking number of ransomware breaches, with cybersecurity firm NCC Group reporting 5,263 successful attacks. One notable incident involved a Fortune 50 company paying $75 million to the Dark Angels ransomware group. However, Chainalysis data suggests that attackers are struggling to extort victims, leading to an increase in data leaks as hackers attempt to apply more pressure.


Why Are Ransomware Payments Declining?

Several factors have contributed to this sharp decrease in ransom payments:

  • Stronger Cybersecurity Measures: Organizations are investing more in cybersecurity defenses, relying on backups rather than paying ransoms.
  • Distrust in Ransomware Groups: Many victims no longer believe hackers will delete stolen data after receiving payment.
  • Legal and Regulatory Pressure: Governments are cracking down on ransom payments, discouraging negotiations with cybercriminals.
  • Law Enforcement Operations: Major takedowns, such as Operation Cronos, disrupted groups like LockBit, while the collapse of ALPHV/BlackCat created instability in the ransomware ecosystem.

Even when payments were made, Chainalysis reports that they were often negotiated down, signaling a shift in how organizations handle ransomware threats.

Ransomware Laundering Becomes More Difficult

Even for ransomware gangs that manage to secure payments, laundering the money has become increasingly complex. Law enforcement crackdowns on cryptocurrency mixers and non-compliant exchanges have forced cybercriminals to adopt new tactics.

READ
U.K. Healthcare Provider HCRG Care Group Investigates Ransomware Attack

Chainalysis found that ransomware actors are now favoring cross-chain bridges to hide their transactions instead of traditional mixing services. However, centralized exchanges remain the most popular method for cashing out, with 39% of ransomware proceeds flowing through them.

Interestingly, a growing number of ransomware affiliates are now hesitant to cash out altogether, opting to hold onto their funds in personal wallets due to fear of being traced and arrested. This shift indicates that authorities are tightening their grip on ransomware operations, making it harder for cybercriminals to operate.

While ransomware attacks remain a persistent threat, the decreasing ransom payments suggest that businesses and law enforcement efforts are making a tangible impact in disrupting the cybercrime industry.