The total value of payments made to cyber criminal ransomware Gangs fell dramatically in the back half of 2024, and according to statistics released this week by ChainalysisA Supplier of Blockchain and Crypto Services, Less than Half of Victims of Recorded Incidents even made a payment.
Chainalysis Found That Over 2024 as a Whole, Ransomware Gangs Colletistic The second half, they Dropped by 37.5% in the second.
Its analysts sugged Additional, they said, more victims seem to be refusing to pay.
However, Wrote the Report's Authors, this does not mean that cyber criminal operations are shutting up shop.
“In response, many attackers shifted tactics, with new ransomware strains emerging from rebranded, leaked or purchased code, reflected a more adaptive and agile threat environment,”
“Ransomware operations have also also become faster, with negotiations often being within hours of data exfiltration.”
Coveware Senior Director of Incident Response Lizzie Cookson, Who Shared Insight with the Chainalysis Team for the report, said the market had nevere really recovered Following the download the download Lockbit and Alphv/Blackcat Gangs.
“We saw a risk in lone actors, but we did not see any group (s) Swiftly absorb their market share, as we had seen Haappen after Prior High-Profile Takedows and Closures,” SAID COKSON “The Current Ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the Small- to Mid-Size Markets, which in Turn Are Associated with More Modest Ransom Demands.”
Improved Cyber Security Hygiene and resiliency may also be playing a role here. The Increased Profile of Ransomware Attacks in Daily Discourse means Organizations are and better in defensecrey countersusures, and hence find the themeselws between the altar To reduce the final payments, or explore other options such as ignoring the gangs and restoring From backups when they get hit.
Christian Geyer, Founder and CEO at ActforeA Washington DC-Area Cyber Forensics Specialist, Said: “Organisations have Increasing Comprehensive Comprehensive Data Backup Solutions, So the Business Can Rapidly Recovers Restore process.
“Many is more tech-driven when it comes to Incident Response Services, Enabling them to identify the breeded data much time,” He Told Computer Weekly. “Digital Forensics is not only getting more advanced and precise, but data mining services and incident response are evolving to be more efficient and proactive. Technology is allowing Organizations to Better Understand The Contents of the Stolen Data Before Processing Down the Road of Ransom Payment. “
Geyer also Said Victims May Be Resisting Demands out of Concern Over the Ethical and Legal Ramifications of Sending Large Ransomware Payments to Unknown, Unidentipted actors.
“For instance, if the threat actor is a foreign nation-state sponsored terrorist group, then it could be seen as illgal to be paying money to that those adversaries,” He Said. “The Playing Field Backets More Level when you have more data to make decisions about when there to pay or not.”
Changing Behavior
Chainalysis's insight into how cyber criminals exploit the world of crypto in their Attacks may also also explain some of the changes. The team said they observed significant changes in how ransomware gangs “off-ramp” their funds, with a significant decline in the use of so-called mixers in 2024-Likely tests and SANCTIONS ACTIONS
A far higher proportion of ransomware funds are now flowing through Centralized Exchanges, and Personal Wallets, While Cross-Chaain Bridges are Replacing Mixers as a means a means a means a means a means a means a means ais.
The use of personal crypto wallets is particularly interesting, said chainalysis, and likely a big factor in the decline.
“Curiously, ransomware operators, a primarily financially motivated group, are abstaining from cashing out more than ever,” They said. “We attribute this largely to increase caution and unce here Omware laundering, resulting in insecurity am
Getting Speculative
Finally, Jon Miller, CEO and Co-Founder of Ransomware Prevention Specialist HalcyonSugged there may be another factor to partially explain the decline.
“2024 was a major election year in the us, with a lot at stake for nation-states like russia, who give safe harbor to ransomware operators,” He Said.
“The 2022 'Lull' has been attributed to russia redirecting some Criminal Resources to ConduC e in part the result of the most talented ransomware operators Being Yet Again Pulled Off Their Cyber Criminal Activities to Support Russian State Priorities Around the US Election, so the drop was most precitous in the second half of the year. ”