Analysis: ransomware payments are going down, and there's a reason
A new report says that the number of victims who paid ransomware gangs fell by 46% despite a 70% increase in the number of victims. This suggests ransomware might be easier to deploy but harder to monetize.
According to Chainalysis, a blockchain analysis firm, significant actions were taken against ransomware actors in 2023 and early 2024. For instance, the LockBit and ALPHV-BlackCat ransomware-as-a-service groups were taken down.
That’s why it’s important to evaluate the historic surge of ransomware incidents and payment totals in this context, the company says.
Yes, the diversification of malware strains and services, reinvestment in future attacks, and the ability to quickly adapt and rebrand in the face of adversity “speaks to the resilient dynamic nature of threat actors in the ransomware ecosystem.”
But disruptions have proved to be impactful and pretty effective. 2023 saw record ransom payment totals and a significant increase in the number of victims, said cybersecurity firm Recorded Future.
But the definition of a victim is important. “Just because a victim appears on an extortion site, that doesn’t mean they were actually a victim – many extortion sites are notorious for lying about victims to generate notoriety or mentions on social media,” said Allan Liska, a threat intelligence analyst at Recorded Future.
Besides, despite the surge in attacks in 2023, ransomware attacks involving payments decreased by 46%, Chainalysis data shows.
“Essentially, it seems that while deploying ransomware has become easier due to the professionalization of the criminal underground and lower barriers-to-entry, it is perhaps harder to profit from these activities,” says the company.
This trend is corroborated by incident response firms like Coveware, which paid just 28% of ransoms in the incidents it was involved in during the last quarter. Chainalysis attributes the decline in payments in part to enhanced cyber resilience among organizations, enabling them to better prepare for, defend against, and recover from incidents.
Additionally, the availability of undisclosed decryptors from public and private sector efforts, such as those for the Rhysida strain, and major law enforcement actions like the Hive intervention have reduced the need for ransom payments in some instances, underscoring the value of reporting incidents to law enforcement.