First major decline in payment amounts since 2022.
Ransomware payouts dropped by a third during the last six months of 2024.
According to research by Chainalysis, the drop by 34.9 percent marked the first decline in payments since 2022, with payments also 53 percent less than attackers were demanding.
However, ransomware leaks have become more prevalent over the same period amid the growing willingness of ransomware-hit organisations to call their attackers' bluff. Intensified law enforcement action against cryptocurrency platforms leveraged for cybercrime has also led threat actors to explore other means of profiteering from attacks.
Commenting, Andy Ward, SVP international for Absolute Security, said a significant dip in pay-outs is a collective testament to strong cybersecurity. “Attacks are a case of when, not if, so every organisation needs a policy of cyber resilience, planning to recover from threats, not just prevent them,“ he said.
“By building a strong cyber resilience posture, organisations can ensure they remain operational during a ransomware attack, and deal with the threat on compromised devices, without falling victim to the payment.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
