Advertisement
Ransomware Profits Tumble 35% to $813M in 2024, Marking First Decline Since 2022: Chainalysis
- A new Chainalysis report reveals a 35% drop in ransomware earnings; down from US$1.25B in 2023 to US$813.55M in 2024.
- Law enforcement efforts and global collaboration contributed to this decline; major groups like LockBit and BlackCat faced significant disruptions.
- Although more targets emerged, fewer victims paid ransoms; criminals resorted to re-listing old attacks to remain relevant.
- The trend suggests better defences and a growing unwillingness to comply with ransom demands, which in turn reduces cybercriminals’ overall profitability.
Despite the popular perception of increasing threats by ransomware, a report by Chainalysis suggests things are actually looking up. Year-over-year the illicit gains from ransom payments dropped by an encouraging 35%, which the analysts attributed to “increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay”.
Related: Trump’s New Era: Ripple’s Legal Chief Hails Transformative Shift in Crypto Regulation
Still, in 2024 attackers pocketed a handsome sum of US$813.55 million (AU$1.29 billion), although the number is down by over a third from 2023, when nefarious actors were able to make their victims part with a “record-setting” US$1.25 billion (AU$1.99 billion).
Law Enforcement Efforts Pay Off
The report also explains that after a surge in the first half of 2024, the second half saw luckily a drop in payment activity, in large part due to the law enforcement efforts. A joint operation by the United Kingdom’s National Crime Agency (NCA) and the US Federal Bureau of Investigation (FBI), which started in the first half, seemed to have had a lasting effect.
The joint effort massively disrupted operations by ransomware groups like Lockbit and BlackCat/ALPHV.
The Senior Director of Incident Response at Coveware, Lizzie Cookson, told Chainalysis that the market never quite recovered after the “collapse of LockBit and BlackCat/ALPHV”.
We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share, as we had seen happen after prior high profile takedowns and closures. The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands.
Lizzie Cookson, Senior Director of Incident Response at Coveware, The sleuths also found out that although more people were targeted by cybercriminals, less of them paid up.
Criminals Go Empty-Handed, Lie About Attacks
Threat Intelligence Analyst at Recorded Future, Allan Liska, told Chainalysis that the number of new data leak sites doubled in 2024. Although, as is often the case, it’s not all as it appears at first glance.
Because it turns out some of the criminals actually made stuff up about the extent of their attacks.
Related: Crypto Czar Announces “Evaluation” of Bitcoin Reserve as Market Dips
Advertisement
Threat Researcher at eCrime, Corsin Camichel, for example said that some of the attackers, like LockBit, wanted to remain relevant and re-posted claims about past events.
The LockBit operators played games to pretend to stay relevant and active after a law enforcement action called ‘Operation Cronos,’ as they re-posted many previously listed claims again or added attacks that happened a long time ago, some even over one year ago.
Corsin Camichel, Threat Researcher at eCrime Director of Incident Response, EMEA at Kivu Consulting, Dan Saunders, added that in the majority of cases no payment was made, which suggests that people are increasingly taking steps to counter exploitative attacks.
Author
Aaron Feuerstein
Aaron Feuerstein is a freelance writer based in Melbourne. His focus is on decentralised finance and the regulatory space surrounding blockchain. He holds a Master's in Accounting. When he is not studying the latest legal case, he enjoys his time as a modest but eager hobby cook.
