But in fact, both laws can be more successful than enforcement operations. ALPHV, after receiving his $ 22 million ransom from Change Healthcare, pulled out a so -called “exit scam”, disappeared instead of taking money and sharing it with hacker partners who had violated the change. Lockbit, also, fell from the map in the months after the NCA's techdown, perhaps due to the mistrust of the Group of Cyber Criminal underground and its alleged leader Dimitri Khorashev, when it became clear that NCA had identified him. In May of 2024, Khorashev was also approved by the American Treasury, making it more legally complicated to give ransom to the group for lockbit victims.
While the vacuum abandoned by those prominent players in the ransomware ecosystem was filled by new groups during the second half of 2024, many of them did not have skills or experience to go after goals and at the same In the rescue, Burns Kovan is called, was. The result, she says, was very small ransom payment, often in thousands of dollars instead of millions or tens of millions.
“Their talent is not quite strong as their predecessors, saying Burns Kovan Rainmine gangs. “We are looking at the hangover of these law enforcement takedown, not only targeting individuals and malware strains, but also infrastructure and equipment and services were used to help end these attacks. . “
Last year actually saw more ransomware events than the previous year, Alan Licca says, a threat intelligence analyst focused on ransomware in the security firm recorded in the future. He said that the firm counted 4,634 attacks in 2024 vs 2023. “What we are seeing in the context of payment is a reflection of new danger actors to be attracted to the amount they see that you can make in ransomware, trying to get into the game and not very good in it. Is, “Licka says.
In addition to the major law enforcement action in early 2024, Channelis credits the decline in payment during the second half of the year. Global awareness Regarding the danger of ransomware, leading to more mature rescue and response plans within governments and other institutions. And Burns Kovan says that cryptocurrency regulation and law enforcement Crackdown on money laundering infrastructureWhich includes mixers who help criminals anonymity and suddenly to do the source of their sick cryptocurrency, have also eradicated the capabilities of the ransomware actors to handle the payment without special knowledge.
While the decline in payments during the second half of 2024 is important to be the largest in the data of Channelis, the number of ransom attacks and the amount of payment has ups and downs. In particular, researchers saw a notable decrease in activity in 2022, a year in which Channelis placed a total ransomware payment $ 655 million in 2021 as compared to $ 1.07 billion and about $ 1 billion in 2020. Working, ransomware returned as even more serious threats in 2023, from the total, the counting of the channel, $ 1.25 billion in payment that year.