In the Crypto industry, ransomware payments fell 35% in 2024, down from $1.25 billion the previous year to $813 million.
According to the company, this marks the most significant annual decline in ransomware revenue over the past three years.
Crypto Ransomware 2024
Despite the initial increase in attacks in the first half of 2024, one casualty reportedly paid $75 million to the Dark Angels Group, but ransomware payments plummeted later this year. The report celebrates stricter law enforcement measures, increased international cooperation and rejection of victims’ resistance.
Additionally, global authorities have stepped up oppression of cybercrime targeting platforms that promote illegal transactions. A major example is Cryptex, which allows the US and allies, which impose sanctions against Russia-based Crypto Exchange Cryptex, to enable money laundering and ransom-related activities.
Interestingly, fewer casualties have chosen to pay while ransomware incidents are rising. Approximately 30% of negotiations resulted in ransom payments, with many choosing decryption tools or restoring them from backups instead.
Meanwhile, the report also highlights the growing gap between requested ransom and actual payments. In late 2024, the attackers demanded much more than what they ultimately transferred, with payments falling 53% short on. Those who paid sent an average of between $150,000 and $250,000. This is less important than the initial demands.
Laundry tactics evolve
As ransomware payments decreased, attackers adapted their laundry technology. Traditionally, ransomware actors rely on a mix of services to obscure fund flows, and these platforms handled 10% to 15% of illegal transactions.
However, law enforcement crackdowns on services such as Tornado Cash, Chipmixer and Sinbad significantly removed mixer usage in 2024.
Instead, ransomware operators relied on cross-chain bridges to secretly move funds. Centralized exchange (CEXS) remained the primary external off-ramp channel, accounting for 39% of ransomware-related transactions.
Meanwhile, an unexpected trend has emerged as a significant portion of the ransom fund remains in individual wallets rather than being cashed. This shift suggests a stronger attention among ransomware actors who may fear unpredictable law enforcement measures targeting illegal trade.
Law enforcement crackdowns on the No-Kyc exchange had a major impact on the flow of illegal funds. In September 2024, German authorities seized 47 Russian-language no-KYC crypto exchanges, and sanctions targeted Cryptex.
Shortly afterwards, ransomware-related influx reduced the influx of KYC no-KYC platforms, increasing the effectiveness of regulatory measures.
It is mentioned in this article
