Ransomware Payments Dropped in 2024 as Victims Refuse To Pay

Ransomware Payments Drop Sharply in 2024 as Victims Resist Demands

Ransomware payments plummeted by over a third in 2024, totaling $813 million (£650 million), a significant decrease from the previous year’s $1.25 billion.

The drop is attributed to victims increasingly refusing to pay cybercriminals, along with law enforcement’s efforts to dismantle criminal gangs, according to data from the research firm Chainalysis.

Decrease Despite High-Profile Attacks

The decline comes despite several major ransomware attacks in 2024, including incidents involving NHS trusts in the UK and US-based Krispy Kreme.

Ransomware attacks involve criminals locking access to a victim’s computer or data and demanding a ransom, typically paid in bitcoin, to release it.

Payments fell sharply in the second half of the year, reflecting both the crackdown on cybercriminals and the growing resistance from victims.

The $813 million total for 2024 is lower than the figures from 2020 ($999 million) and 2019 ($1.1 billion).

How Ransomware Attacks Work

Cybercriminals typically infiltrate IT systems, steal sensitive data, and encrypt files.

They then demand a ransom to decrypt the data, often targeting organizations worldwide, including those in Russian and former Soviet states.

Impact of Law Enforcement and Refusal to Pay

Jacqueline Burns Koven, Head of Cyber Threat Intelligence at Chainalysis, explained that the decline in payments shows the effectiveness of law enforcement actions and improved international cooperation.

She said:

“This sharp decline, to levels even lower than those in 2020 and 2021, speaks to the growing refusal by victims to cave in to attackers’ demands.”

However, she warned that the drop in payments is “fragile” and ransomware attacks remain a widespread issue.

Despite the reduction in payouts, the total ransom demands in the second half of 2024 were 53% higher than what was actually paid, further indicating that victims were more willing to resist paying.

A Shift in the Ransomware Landscape

The decline in payments is also reflected in the reduced number of “on-chain” payments, a term used for transactions recorded on the blockchain, where ransomware payments are often tracked.

This suggests fewer victims are meeting the demands of cybercriminals.

Experts point to several factors influencing the downturn in payments. Lizzie Cookson, from the ransomware response firm Coveware, noted that the February takedown of the notorious LockBit gang and the disappearance of BlackCat/ALPHV have had a lasting impact.

Cookson added:

“The market never returned to the previous status quo after the collapse of LockBit and BlackCat/ALPHV.”

Newer ransomware groups have emerged, typically targeting smaller organizations with more modest ransom demands.

UK Government Takes Action

In the UK, ministers are considering a ban on ransomware payments by public bodies, including schools, NHS trusts, and local councils.

If enacted, the new rules would require private companies to report ransomware payouts to the government, which could block payments.

Ransomware attacks may be made subject to mandatory reporting if the consultation leads to legislative changes.

The Road Ahead: Will Ransomware Payments Continue to Fall?

While the decrease in ransomware payments marks a significant shift, experts agree that the threat is far from over. Law enforcement actions, international cooperation, and the continued refusal by victims to pay are crucial in the ongoing battle against ransomware gangs.

Whether the downward trend in payments will continue depends on how well the industry adapts to emerging cyber threats and how quickly authorities can respond to new criminal tactics.