Ransomware Payments Drop 35% in 2024 as Victims Refuse to Pay Hackers: Chainalysis

Last updated:

Journalist

Tanzeel Akhtar

Journalist

Tanzeel Akhtar

About Author

Tanzeel Akhtar has been covering the cryptocurrency and blockchain sector since 2015. She has written for the Wall Street Journal, Bloomberg, CoinDesk, Bitcoin Magazine and Bitcoin.com.

Last updated:

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

The global ransomware landscape saw a huge shift in 2024, with total ransom payments decreasing by approximately 35% year-over-year, according to a Chainalysis report.

This decline marks a turning point in the fight against cyber extortion, driven by increased law enforcement actions, stronger international collaboration, and a growing trend of victims refusing to pay attackers.

Ransomware Tactics Evolve Amid Declining Payments

With fewer victims willing to pay, ransomware operators have adapted by refining their tactics. Attackers are now launching faster operations, initiating negotiations within hours of data exfiltration.

Many cybercriminal groups have rebranded or reused existing ransomware code from leaked or purchased strains, leading to the emergence of new variants such as Akira/Fog and INC/Lynx.

The range of attackers remains diverse, spanning nation-state actors, ransomware-as-a-service (RaaS) operators, and independent cybercriminals.

In some cases, data theft extortion groups, such as those involved in the Snowflake breach, have focused more on stealing sensitive data rather than encrypting systems.

Chainalysis Reports Mid-Year Surge Followed by Sharp Decline

Ransomware payments in 2024 totaled approximately $813.55 million—way lower than the $1.25 billion recorded in 2023. However, the first half of the year suggested a different trajectory, reports Chainalysis.

By June 2024, cybercriminals already extorted around $459.8 million, a slight 2.38% increase compared to the same period in 2023.

This early surge was fueled by a few exceptionally large payments, including a record-breaking $75 million ransom paid to Dark Angels.

Despite the strong start, the latter half of the year saw a dramatic slowdown, with payments dropping by approximately 34.9% after July.

This trend mirrors previous mid-year declines in ransomware revenues observed since 2021, but the 2024 drop was far steeper than in prior years.

Law Enforcement and Victim Resistance Drive Decline

Several key factors contributed to the reduction in ransom payments.

Global law enforcement agencies have ramped up operations against ransomware groups, leading to arrests, infrastructure takedowns, and increased cooperation between governments and cybersecurity firms.

According to the report, improved cyber defenses, better backup strategies, and stricter regulations around ransom payments have empowered victims to resist extortion demands.

As ransomware continues to evolve, cybersecurity experts anticipate further shifts in attack strategies.

However, the declining trend in payments suggests that businesses and governments are making progress in disrupting the ransomware economy—an encouraging sign for the future of cybersecurity.

You May Also Like