Key Takeaways:
- Ransomware payments dropped 35% in 2024 due to stronger law enforcement and victim resistance.
- Attackers shifted tactics, with new strains emerging and faster operations.
- Major ransomware groups like LockBit and BlackCat saw major setbacks.
A report prepared by Chainalysis revealed payments for ransomware down 35% in 2024, at $813.55 million, compared to $1.25 billion in 2023. It is a breakthrough, with victims no longer wanting to pay, and with operations interrupted by law enforcement. Crackdowns on larger ransomware gangs, increased cybersecurity, and collaboration between nations all helped contribute towards a fall in payments.
Despite this, opponents soon adapted. New strains of it emerged, sometimes developed with compromised and reused code. The shift could be noticed in that opponents rebranded, altered negotiation techniques, and operated at a quick pace.
Notably, the first half of 2024 saw a spike in these payments, including a record-breaking $75 million ransom paid to Dark Angels. However, the second half saw a drastic slowdown, with payments dropping by nearly 35%.
Law Enforcement Disrupts Ransomware Giants
The fall of LockBit and BlackCat, two major ransomware groups, reshaped the cybercrime landscape. LockBit, a top earner, saw its operations severely disrupted following a joint effort by the UK’s National Crime Agency and the FBI.
Payments linked to the group plummeted by 79%, showcasing the power of international law enforcement. Meanwhile, BlackCat, once a major player, exit scammed in early 2024, leaving a vacuum in the ransomware market.
With these major groups out of the picture, the ecosystem saw a surge in new, smaller ransomware actors. RansomHub, a new entrant, quickly filled the gap, becoming the most active ransomware-as-a-service (RaaS) operation.
However, many new entrants focused in small and medium-sized organisations, and thus, reduced payments for ransoms. Decline in payments was accompanied with an increase in spurious and duplicate victim claims at leak websites, an attempt by hackers to remain relevant.
Shifting Trends in Ransomware Laundering
As payments diminished, traditional types of money laundering did, as well. Hackers no longer utilized mixers, a staple for washing illicit funds in years past, following actions taken by regulators against tools including Tornado Cash and ChipMixer. Hackers increasingly moved funds through cross-chain bridges and centralized exchanges, in its stead.
A surprising new development was the heightened level of locked ransom funds in individual wallets. That shows that criminals don’t dare to cash out in anticipation of increased scrutiny and uncertainty in law enforcement activity. Crackdowns on no-KYC exchanges, particularly in Russia, also heightened off-ramping risk.
Related Reading | Bitdeer Dominates Bitcoin Mining with $21M Power Plant Expansion in Alberta, Canada