Ransomware payments fell 35% in 2024 because more victims refused to pay: chainalysis

Ransomware business struck in 2024, with payments falling 35% year-on-year, according to a new report From the chainalysis.

Although the number of ransomware attacks increased in 2024, ransomware gangs made less money, taking $ 814 million compared to 2023 high value of $ 1.25 billion. The Blockchain Analytics firm provides denial of various factors, including a revolt over law enforcement actions and penalties, as well as a growing refusal of victims to pay their attacks.

Last year, less than half of all recorded ransomware attacks resulted in victim payments. Jacqueline Burns Koven, the head of the cyber threat, told CoinDesk that part of the non -payment trend could be attributed to a growing distrust that complies with the demands of the attacks will actually result in stolen data of the data of victims removed from the property of the attack.

In February 2024, the American Insurance Company United Healthcare paid a $ 22 million ransom to the Russian ransomware Gang Blackcat after one of its subsidiaries was damaged and exposed patient data. But BlackCat was implicated shortly after the ransom was paid, and United Healthcare data paid to protect it was scattered. Similarly, the takedown of another Russian ransomware gang, Lockbit, of US and UK law enforcement in early 2024 also revealed that the group did not actually delete the data of the victims as promised.

“The illumination is that paying a ransom has no guarantee of data removal,” Koven said.

Koven added that, even though ransomware victims want to pay, their hands are often tied by international penalties.

“There was a spate of sanctions against different ransomware groups and for some creatures, out of their risk ready to pay them because it generates a penalty risk,” Koven said.

The points of the Chainalysis’ report on another reason for the reduced payment in 2024 – the victims were getting married. Lizzie Cookson, senior director of the Coveware response incident, a ransomware of responding to the incident, told chainalysis that, due to improved cyber hygiene, many victims could better prevent the requests of the attacks.

“They can determine that a decryption tool is their best choice and negotiate to reduce final payment, but more often, they find that restoration from recent backups is the faster and more effective Path, “Cookson said in the report.

Challenges to Cashing-Out

The Chainalysis’ report also suggests that attacking ransomware also has difficulty in cashing-out their bad acquisitions. The firm found a “great decline” in the use of crypto mixers in 2024, which reports that the “disturbing impact of penalties and law enforcement actions, such as Chipmixer, Tornado Cash Patients and Actions , and sinbad. “

Last year, more ransomware actors only held their funds in personal purses, according to the report.

“It’s intriguing, the ransomware operators, a major financial group that is motivated, have avoided from cashing out more than before,” he said. “We recognize this with more care and uncertainty amidst what is probably noticed as undoubted and decisive actions that target individuals and the services that participate in or facilitate laundering of ransomware, resulting in a lack of peace with the threat actors about which they are safe to place their funds.

Looking forward

Despite the clear impact of law enforcement implementation on the ransomware gangs last year, Koven emphasized that it was too early to tell if the descending trend was here to stay.

“I think the festival was ahead, as all the factors were there to reverse it in 2025, for big attacks – the big hunting game – to continue,” Koven said.

You can read the full report Here In the chainalysis blog ‘.