Los Ransomware payments descended 35% in 2024totaling about 813.55 million dollars. This fall is due, according to Chainanalysis, to various operations against groups that are dedicated to carrying out this type of attacks, but also for companies and organizations to take more measures to reinforce their cybersecurity that lead them to be able to reject these payments to recover the information taken hostage by the attackers.
This fact is, however, quite surprising, given the upward trend in payments to solve ransomware attacks recorded in 2023. Also because in the first half of 2024 the attackers dedicated to these attacks tried to extort to 2.38% more of entities that in the same period of the previous year. But what seemed like an alarming trend collapsed in the second half of 2024, since ransomware payments fell 34.9%in that period.
Akira was the only group dedicated to the ransomware of the 10 most active in the first half of 2024 that increased its activity in the second part of the year. On the other hand, as 2024 progressed, less large -scale payments were made.
In addition, the difference between the amounts requested by the cyberbaceants and the amounts paid by the victims increased 53% between July and December. This may be due to greater resilience in organizations, which allows them to assess the use of the recovery options at their disputes to avoid paying. Among them, the use of decrypted tools, or the restoration of backup information.
But despite the fall in ransomware payments, in 2024 they were not all good news for cybersecurity. The number of new data filtration sites was bent last year, although many organizations had their data published in them several times, and that with some frequency ransomware groups claimed to have questioned multinational safety, when in reality only only only They had accessed a branch.
The attackers may also have exaggerated when detailing the amount of data of a company that had been compromised, sometimes they published again the results of ancient attacks. It is a technique that they use frequently to continue having relevance, or to seem active after a police operation against them.
The Lockbit Group, responsible for the most common ransomware type, deployed in 2023, was the objective of a police operation in February 2024, which left it quite diminished. When the members who were operations recovered their activity something later, they saw that the group payments fell by 79% between July and December, and the attacks of which they declared themselves responsible fell from 26% of the total to 20%. The second most active group in 2023, Alphv, also stopped operating in 2024 after several failed incidents.
But in spite of everything, ransomware groups continue to evolve to adapt and overcome legal and police operations against them, with new ransomware chains that appear of filtered or purchased code, and which aim to avoid their detection.
The attacks are also fasterwith the negotiations for rescue payments and requests that now begin only a few hours after the start of the attack. However, the authorities are up to date on this type of tactics, and value the taking of Most drastic countermeasures for the futureand make this type of cyber attacks little or nothing attractive to the bands.
