Despite the catastrophic hacks, ransom payments drastically decreased last year

But in fact, both law enforcement operations may have been more successful than they looked. Alphv, after receiving his $ 22 million ransom from Change Healthcare, withdraw the so -called “exit fraud” by taking the money and disappearing instead of sharing it with the hacking partners who committed the change of change. Lockbit also largely fell from the map in the months that followed the NCA download, because of perhaps due to the disbelief of the group’s cybercriminator to the group and his alleged leader Dmitry Horoshev when it became clear that NCA had identified it. In May 2024, Horoshev was also sanctioned by the US Department of Finance, which made it far more susceptible to Lockbit’s victims to pay the group ransom.

While the vacuum left by these major players in the Ransomware ecosystem was filled by more new groups in the second half of 2024, many of them did not have the skills or attempt to go after goals and also protected as Lockbit and Alphv, says Burns Koven. The result, according to her, was far less payments for ransom, often in tens of thousands of dollars, not millions or tens of millions.

“Their talent is not as healthy as their predecessors,” says Burns Koven for the more generation of Ransomware bands. “We see the hangover of these law enforcement downloads, not only directly directed to people and strains of malware, but also the infrastructure and tools and services that have been used to support these attacks.”

Last year, they actually saw more ransom incidents than the previous year, says Alan Liska, an analyst for a threat intelligence focused on Ransomware in the defense company recorded the future. The company counted 4634 attacks in 2024 against 4,400 in 2023. But the lower sums of ransom received from those more ransom groups suggest that they may have preferred the quantity above quality, he says. “What we see in terms of payments is a reflection of the worse participants in the threat who are attracted to the amount of money they see that you can do at Ransomware trying to get into the game and not be very good at That, “says Liska.

In addition to the basic actions of law enforcement in early 2024, Chainalysis attributes the decline in payments in the second half of the year to increased global awareness Regarding the threat of ransom, which leads to more mature defense and reaction plans within governments and other institutions. And Burns Koven adds that the regulation of cryptocurrency and law enforcement Repression for money laundering infrastructureIncluding mixers that help criminals anonymize and affect the source of their unscrupulous cryptocurrencies have also destroyed the ability of ransom software actors to deal with payments without specialized knowledge.

Although the decline in payments in the second half of 2024 is important that it is the largest in Chainalysis data, the number of ransom attacks and the volume of payments is fluctuating and decreased before. Notably, Researchers Saw a Marked Decrease in Activity in 2022, A Year in Which Chainalysis Placed Total Ransomware Payments at $ 655 Compared to $ 1.07 Billion in 2021 and NEARLY Ere Initially Heartened That Their Deterrence Efforts Were Working, Ransomware withdrew as an even more terrible threat in 2023, a total amount, according to the number of Chainalysis, $ 1.25 billion in payments this year.