By Todd Feathers Published February 5, 2025 | Comments (0) | Ransomware was less lucrative in 2024 compared to years past. JL Stock/Shutterstock Ransomware victims paid out 35% less to hacking groups in 2024 compared to 2023 even as the overall number of attacks increased, according to a report by the blockchain research firm Chainalysis. The large dropfrom $1.25 billion in ransom payments in 2023 to $813.55 million last yearcame as international law enforcement operations disrupted some major hacking groups and others abruptly closed up shop. In February the FBI, U.K. National Crime Agency, and other police agencies made several arrests and seized servers and websites used by the ransomware gang Lockbit, which is believed to have been responsible for thousands of attacks that cost victims more than $120 million. Not long after, another prolific ransomware group, known as Blackcat or ALPHV, abruptly stopped operating. A message was posted to its website saying that it had been seized by law enforcement, but some of those agencies denied their involvement and experts suspected it may have been an exit scam. Chainalysis found that the gap is growing between how much money attackers demand in exchange for relinquishing compromised data and how much victims actually pay. Reporting from incident response firms suggests a majority of clients opt not to pay altogether, according to the report.Reliable data on the number of ransomware attacks and their full impact is hard to come by. As Chainalysis noted, leak sites where hacking groups post about their successful infiltrations are full of fabricated or repeated incidents. And victims whose sensitive data has been compromised often downplay attacks and keep the details of payment negotiations secret. The $813.55 million paid out in 2024 was also less than ransomware victims paid out in 2020 and 2021, according to Chainalysis, even though after the first half of the year the ransom sum was on track to exceed previous years. Payments dropped sharply from July through December, which has become something of a pattern in recent years but was particularly pronounced in 2024.The market never returned to the previous status quo following the collapse of LockBit and BlackCat/ALPHV, Lizzie Cookson, senior director of incident response at Coveware, told Chainalysis. We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share, as we had seen happen after prior high-profile takedowns and closures. The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands.Daily NewsletterYou May Also Like By AJ Dellinger Published February 4, 2025 By Todd Feathers Published January 31, 2025 By Matthew Gault Published January 22, 2025 By AJ Dellinger Published January 14, 2025 By Thomas Maxwell Published January 8, 2025 By Lucas Ropek Published January 7, 2025