Ransomware victims have paid $ 460M in ransom so far
2024 might become the year of the highest-grossing ransomware payments. In the first six months ransomware victims paid $ 459.8 million in ransom, an increase of approximately 2 percent compared to last year.
Despite major law enforcement actions targeting several international ransomware operations, including the disruption of LockBit and ALPHV/BlackCat, ransomware activity has held relatively steady during the first half of this year.
According to chainblock market researcher Chainalysis there are two causes for the increase of ransomware payments. First of all, threat actors succeeded in collecting larger payouts by focusing on high-profile victims. Researchers found the largest ransomware payment ever recorded: approximately $ 75 million to the Dark Angels ransomware group.
Secondly, more and more ransomware groups have made their appearance and successfully extort victims.
“Whether it be former affiliates of these well-known threat actor operations [Lockbit and ALPHV/BlackCat], or new upstarts, a large number of new ransomware groups have joined the fray, displaying new methods and techniques to carry out their attacks such as expansion in their means for initial access and lateral movement approaches,” Andrew Davis, General Counsel at Kiva Consulting, explains.
Furthermore, Chainalysis noticed an extraordinary growth in median payment size. In the first week of 2023, the median payment size was almost $ 200,000. By mid-June 2024 it had risen to $ 1.5 million. This represents an increase of almost 8 times in the typical size of ransom payments, suggesting ransomware groups are progressively targeting larger businesses and critical infrastructure providers because they are more likely to pay ransom due to their deep pockets and systemic importance.
Researchers state that ransomware attacks are becoming more frequent, with at least 10 percent more attacks so far this year. Despite the fact that threat actors are collecting higher ransomware payouts, the number of victims that’s willing to pay decreases. That’s because victims are better prepared when a cyberattack occurs. Businesses and organizations have working backups and receive better tech support from third-party cybersecurity companies, negating the need to pay ransom.
“The key to disrupting cybercrime is disrupting its supply chains, including attackers, affiliates, partners, infrastructure services providers, launderers, and cashout points,” Chainalysis concludes. Law enforcement operations like Operation Cronos and Operation Endgame are essential to send out a message to criminals that cybercrime doesn’t go unnoticed and has consequences.
Your email address will not be published. Required fields are marked