Ransomware payments fell by 35% year-over-year in 2024 amid a growing refusal by victims to pay demands, according to a new Chainalysis report.
Ransomware groups received approximately $813.55m in extortion payments from victims last year, compared with a record $1.25bn in 2023.
Notably, in the first half of 2024, ransomware revenues were 2.38% higher than in H1 2023. However, payment activity slowed significantly in H2 2024.
A major factor in the fall in ransomware payments appears to be a growing refusal of victims to pay.
The researchers observed that while the number of ransomware events increased into H2, on-chain payments declined.
There was a significant widening of the gap between victims being posted on data leak sites and payments being made during the latter part of 2024. This suggests that more victims were targeted, but fewer paid.
Commenting on the research, Lizzie Cookson, Senior Director of Incident Response at ransomware recovery specialist Coveware, argued that improved cyber resiliency is enabling many victims to resist demands and explore multiple options to recover from an attack.
“They might ultimately decide that a decryption tool is their most suitable choice and negotiate to reduce the final payment, but more often, they find that restoring from recent backups is the faster and more cost effective path,” she explained.
Dan Saunders, Director, Incident Response, EMEA at Kivu Consulting, cited data from his firm which showed that around 30% of negotiations actually lead to the victims deciding to pay the ransoms.
“Usually, these decisions are made based on the perceived value of data that’s specifically been compromised,” he stated.
A Ponemon Institute survey in January 2025 found that just over half (51%) of ransomware victims paid a ransom demand to the attackers. Preventing stolen data from being leaked and downtime were the primary factors in deciding to pay a ransom.
Fragmented Ecosystem Leads to Reduced Ransomware Payments
The Chainalysis report found that major disruptions to the ransomware ecosystem in 2024 also contributed to the decline in ransomware revenue last year.
This included the law enforcement takedown of LockBit in February 2024 and the BlackCat group’s apparent ‘exit scam’ following its attack on Change Healthcare.
While LockBit has rebranded and made a comeback, Chainalysis found that payments to the group fell by around 79% in H2 2024 compared to H1. This suggests the law enforcement operation has had a lasting impact on the group’s capabilities.
These disruptions have resulted in a highly fragmented ransomware ecosystem, with an increase in the number of smaller groups and lone wolf actors to fill the void. This has in turn resulted in reduced attacks on “big game” targets.
Cookson noted: “The present ransomware ecosystem is infused with a variety of newcomers who are likely to focus efforts on the small to mid-size markets, which in turn are related to more modest ransom demands.”