Ransomware payments drop 35% in 2024, signaling better business preparedness

Despite a record-breaking year for ransomware attacks, payments to cybercriminals have significantly decreased, suggesting businesses are becoming more resilient and less willing to pay ransoms. The volume of ransomware attacks surged to an all-time high of 5,263 successful breaches, as reported by NCC Group, but the amount paid to attackers fell sharply.

According to blockchain intelligence firm Chainalysis, ransomware payments totaled $813.55 million in 2024, a 35% drop from the $1.25 billion recorded in 2023. Even a record $75 million ransom payment by a Fortune 50 company to the Dark Angels ransomware group couldn't offset the overall decline.

Why ransomware payments are falling

Several key factors contributed to the decline in ransomware payments, chief among them being improved cybersecurity preparedness. Organizations across industries have bolstered their defenses, adopted better risk management strategies, and enhanced data backup and recovery processes.

A growing skepticism about ransomware groups’ promises to delete stolen data has also contributed. Many organizations now recognize that even after payment, cybercriminals may not uphold their end of the deal. Furthermore, increased legal and regulatory scrutiny has discouraged businesses from negotiating, opting instead to absorb reputational damage and recover systems independently.

Law enforcement efforts have also had a significant impact. ‘Operation Cronos,’ which targeted and disrupted LockBit—the most notorious ransomware gang at the time—dealt a major blow to cybercriminal operations. Additionally, the collapse of ALPHV/BlackCat created instability in the ransomware ecosystem, with smaller threat actors struggling to fill the void despite RansomHub’s relative success.

Challenges in laundering ransomware proceeds

Even for cybercriminals who successfully extract ransom payments, laundering the funds has become increasingly difficult. Crackdowns on cryptocurrency mixers and exchanges that fail to comply with Know Your Customer (KYC) laws have forced ransomware actors to seek alternative methods.

Chainalysis reports that cybercriminals are now shifting away from traditional mixing services in favor of cross-chain bridges to obscure transactions. Still, centralized exchanges remained the primary cash-out method in 2024, handling 39% of ransomware proceeds. However, a rising number of affiliates are choosing to hold funds in personal wallets, fearing law enforcement tracking and potential arrests.

A turning point?

The significant decline in ransomware payments in 2024, despite the record number of attacks, suggests a potential turning point in the fight against ransomware. While the threat remains significant, businesses are demonstrating greater resilience and a growing unwillingness to succumb to cybercriminals' demands. Continued investment in cybersecurity, improved data protection practices, and ongoing law enforcement efforts will be crucial in further reducing the financial incentives for ransomware attacks.