But in fact both offenders may have been more successful than they appeared. Alphv, after receiving his $ 22 million healing from Change Healthcare, pulled a so-called “way out”, taking the money and disappearing instead of sharing it with the Hacker partners who carried out the change break. Lockbit also mostly dropped from the map in the months that followed the NCA’s deduction, perhaps to the distrust of the Cybercriminal Underground group about the group and its alleged leader, Dmitry Khoroshev, when it became clear that the NCA identified him . In May 2024, Khoroshev was also sanctioned by the US Treasury, making it much more legally complicated for Lockbit casualties to pay a ranser to the group.
While the vacuum left behind by those major players in the Ransomware system was filled by newer groups during the second half of 2024, many of them did not have the skills or experiences to go after goals as large and as defended as Lockbit and Alphv had, says Burns Kosten. The result, she says, were much smaller ransom payments, often in the tens of thousands of dollars instead of the millions or tens of millions.
“Their talent is not as strong as their predecessors,” Burns Koven says of the newer generation of Ransomware gangs. “We see the healing of these laws, not only aims directly at the individuals and stresses of malware, but also the infrastructure and tools and services that have been used to help perpetuate these attacks.”
Last year actually saw more ransomware incidents than the previous year, says Allan Liska, a threatening smart analyst focused on ransomware at the security firm registered future. The company numbered 4,634 attacks in 2024 against 4,400 in 2023. But the lower ransom sums received from these newer ransomware groups suggest that they may favor quantity over quality, he says. “What we see about payments is a reflection of newer threatening actors attracted by the money they see you can do in ransomware, trying to enter the game and not very well,” Liska says.
In addition to important acts of law in early 2024, Chainalizo attributes the decline of payments during the second half of the year to a higher global awareness About the threat of ransomware, leading to more mature defenses and corresponding plans within governments and other institutions. And Burns Koven adds that regulation and bill of Cryptocurrency Crack of Mona laundering slotsIncluding mixers that help criminals anonymously and push away the source of their misbehaving cryptocurrencies, also eroded the capabilities of ransomware actors to address payments without specialized knowledge.
While the decline of payments during the second half of 2024 is significant to be the largest ever in Chainalysis data, the number of ransomware attacks and volume of payments fluctuated and decreased previously. Notably, researchers saw a marked decline in activity in 2022, a year in which Chainalysis put total ransomware payments at $ 655 million compared to $ 1.07 billion in 2021 and nearly $ 1 billion in 2020. But while governments and defenders were initially heartfelt. Working, Ransomware went back as an even more terrible threat in 2023, in total, with Chainalysis’s calculation, $ 1.25 billion payments that year.
