Ransomware attacks: significantly less ransom paid again in 2024
Various measures against cybercriminals have once again shown success in 2024: Ransom payments following ransomware attacks have fallen again.
(Image: janews/Shutterstock.com)
Last year, ransom payments following ransomware attacks fell again significantly. This was determined by Chainalysis, which sees measures taken by law enforcement authorities, better international cooperation and more frequent refusal to pay as the causes. For its "Crypto Crime Report", the blockchain analysis company counted ransomware payments totaling 814 million US dollars, 35 percent less than in the previous year. According to the report, there was only a major decline from 2021 to 2022, after which the total amount almost doubled again within a year.
Decline, but no all-clear
As Chainalysis goes on to explain, the sum of ransom payments rose slightly in the first half of 2024, only to then fall sharply. This dichotomy has been observed every year since 2021, but was much more pronounced in 2024. Of the ten largest criminal groups carrying out attacks with ransomware, only one , Akira, was able to increase its prey during this period, while the rest saw significant declines in some cases. Law enforcement agencies were also responsible, having dismantled gangs such as Lockbit. At the same time, it was observed that other gangs no longer jumped straight into the breach after such operations.
Videos by heise
Chainalysis also found that more victims of ransomware were named on relevant websites last year than ever before. The number of such sites has also more than doubled. However, this does not necessarily mean that more ransomware attacks were actually successful. For example, some gangs have started naming alleged victims where no attacks were successful at all. Those responsible for LockBit in particular have tried to appear relevant by naming outdated or simply invented attacks, even after the successful prosecution by law enforcement authorities.
Another trend identified by Chainalysis was that ransom payments continued to be made primarily to large cryptocurrency exchanges, personal wallets and so-called bridges. The previously widely used mixers have therefore gone completely out of fashion. This underlines the success that state actors can have, for example by sanctioning such services. This is what happened to Tornado Cash, for example, even though this decision was deemed unlawful by a US court in the fall. A year earlier, authorities from Germany and the USA had succeeded in shutting down the money laundering service Chipmixer.
(mho)
