Ransomware Payments Drop 35% in 2024 Despite Rising Cyberattacks

In a significant shift for cybersecurity, ransomware payments fell sharply by 35% in 2024, even as cybercriminals continued to target victims aggressively. This decline comes after a record-breaking year in 2023, when ransomware gangs extorted $1.25 billion, and a 2.38% year-on-year increase in stolen funds during the first half of 2024. However, the latter half of the year saw a dramatic reversal, with overall ransomware payouts dropping to $813 million, according to the Chainalysis 2025 Crypto Crime Report. 

The report highlights a record-breaking $75 million ransom paid by an undisclosed victim to the Dark Angels group, showcasing the high stakes of ransomware attacks. Despite this outlier, the broader trend points to growing resilience against cybercriminals. Jacqueline Burns Koven, Head of Cyber Threat Intelligence at Chainalysis, credited the decline to “the effectiveness of law enforcement actions, improved international collaboration, and a growing refusal by victims to cave into attackers’ demands.” 

One of the most notable trends in 2024 was the widening gap between ransom demands and actual payouts. In the second half of the year, the difference reached 53%, indicating that while attackers continued to target victims, fewer organizations opted to pay. Additionally, despite an increase in ransomware incidents, the number of on-chain payments declined, suggesting that more victims are resisting extortion attempts. When payments were made, ransoms typically ranged between $150,000 and $250,000, regardless of the attackers’ initial demands. 

Cybercriminals also faced challenges in laundering their illicit gains. Law enforcement actions, such as the sanctioning of Russia-based Cryptex exchange and the German Federal Criminal Police’s (BKA) seizure of 47 no-KYC crypto exchanges in September 2024, disrupted their ability to convert crypto into fiat currency. Chainalysis data further revealed that ransomware groups are increasingly holding stolen funds in personal wallets, likely due to fears of being traced and prosecuted. 

While the decline in ransomware payments is a positive development, Chainalysis warns against complacency. The ransomware landscape is now dominated by groups targeting low- to mid-value payments, with smaller businesses increasingly in the crosshairs. Koven emphasized the importance of protecting these organizations, noting that in the UAE, for example, over half a million SMEs contribute 63% of the nation’s non-oil GDP. “Sustained collaboration and innovative defenses are essential to build on the progress made in 2024 and ensure all organizations remain protected,” she said. 

The findings from Chainalysis highlight the importance of continued vigilance and international cooperation in combating ransomware. While the decline in payments is encouraging, the evolving tactics of cybercriminals underscore the need for robust cybersecurity measures, especially for small and medium-sized enterprises (SMEs). As ransomware threats persist, businesses and governments must remain proactive in their efforts to safeguard critical infrastructure and economic stability. 

The progress made in 2024 demonstrates the power of collaboration, but the fight against cybercrime is far from over. For the latest updates on cybersecurity trends and ransomware prevention, stay tuned to our coverage.