according to New report Analysis from the chain.
Despite the increase in ransomware attacks in 2024, ransomware gangs made less money, earning $814 million, compared with a record high of $1.25 billion in 2023. Blockchain analytics companies attribute the decline to various factors, including an increase in enforcement actions and sanctions, and the increasingly refusal of victims to pay their attackers.
Last year, less than half of all recorded ransomware attacks resulted in victim payments. Jacqueline Burns Koven, head of cyber threat intelligence at Chainalysis, told Coindesk that part of the non-payment trend could be attributed to growing distrust, and that following the needs of attackers can actually lead to victims being stolen data being forgotten by attackers deleted by the person.
In February 2024, United Healthcare, an American insurance company, paid a ransomware Black Cat $22 million in ransomware after violating one of its subsidiaries and exposing patient data. But the Black Cat exploded shortly after paying the ransom, and data from UN health care for protection was leaked. Similarly, in early 2024, a strike by Lockbit, another Russian ransomware gang in the U.S. and UK law enforcement, also showed that the group did not actually delete the victim’s data as promised.
“Its revelation is that paying ransoms does not guarantee data deletion,” Cowen said.
Even if ransomware victims want to pay, their hands are often tied International sanctions.
“There are a series of sanctions for different ransomware groups and certain entities because this poses a sanction risk, so the risk threshold for willingness to pay them does not exceed its risk threshold,” Kovin said.
Chainalysis’ report points to other reasons for the reduction in payments in 2024 – victims are working hard. Lizzie Cookson, senior director of incident response at Coveware, a ransomware response company, told Chainalysis that many victims can now better resist attackers’ needs due to improved cyber hygiene.
“They may have finalized that the decryption tool is their best choice and negotiated to reduce final payments, but more commonly, they found that recovery from recent backups is a faster and more cost-effective path,” Cookson said in the report. .”
Confirm the challenge
Chainalysis’s report also shows that ransomware attackers are also working to deliver on their ill-gotten gains. The company’s use of crypto mixers in 2024 has “significantly declined” and the report is attributed to “the destructive effects of sanctions and enforcement actions, such as actions targeting Chipmixer, Tornado Cash and Sinbad.”
Last year, more ransomware actors simply put their funds in their personal wallets, the report said.
It said: “What’s strange is that ransomware operators are a largely financially motivated group that avoids cashing out more than ever. We attribute this primarily to increased caution and uncertainty. Participate in or promote ransomware. Money laundering services lead to insecurity among threat actors that they can invest money safely.”
expect
Despite the obvious impact of law enforcement on the crackdown on ransomware gangs last year, Kowen stressed that it is too early to say whether the downward trend will stay here.
“I think it’s too early to celebrate because all factors can be reversed in 2025, because those big attacks (large game hunting) can be recovered,” Cowen said.
You can read the full report here On the Chain Analysis Blog.
