In a rare bit of good news on the cybercrime front, ransomware payouts are down on the year.
Researchers with security consultancy Chainalysis report that, thanks to stepped up efforts from law enforcement and victim response, the second half of 2024 saw a whopping 35% decrease in payouts to ransomware attackers.
This marks the first time since 2022 that ransomware payouts have seen a decrease, according to Chainalysis. The drop off is particularly notable because the first half of the year recorded an increase in payouts due to a number of notable ransomware data breach incidents.
“Despite its small half-over-half (HoH) increase, we expected 2024 to surpass 2023’s totals by the end of the year,” the team explained.
“Fortunately, however, payment activity slowed after July 2024 by approximately 34.9%.”
The researchers noted that the amount criminal hackers are asking from their victims has been waning, as many organizations are not willing to meet the full demands of their attackers and are opting to negotiate.
“Incident response data show that the gap between the amounts demanded and paid continues to increase,” Chainalysis reports.
“In H2 2024, there was a 53% difference between the two factors.”
The report goes on to point out that the smaller payouts are likely the result of increased efforts by law enforcement to catch ransomware criminals as they are trying to cash out their hacks.
Despite seeing a drop in payouts on the year, the researchers noted that ransomware leak incidents increased. This would suggest that organizations are more willing to call the bluff of threat actors and, as a result, pay the price in dealing with a data disclosure.
The reasoning is that as law enforcement looks to seize upon criminals at the moment of their cashout, crooks are increasingly wary of making cryptocurrency transactions. This results in threat actors looking to different avenues in order to cash out on their network breaches.
“In response, many attackers shifted tactics, with new ransomware strains emerging from rebranded, leaked, or purchased code, reflecting a more adaptive and agile threat environment,” Chainalysis reports.
“Ransomware operations have also become faster, with negotiations often beginning within hours of data exfiltration.”
