Ransomware Payments Plummet in 2024 as Law Enforcement Cracks Down on Crypto Crime

Ransomware payments within the cryptocurrency world have seen a sharp decline in 2024, dropping 35% to $813 million from the previous year's $1.25 billion.

This significant reduction represents the largest decrease in ransomware revenues in the past three years, according to Chainalysis’ recent report.

While ransomware attacks initially spiked in early 2024, including a major payment of $75 million to a notorious hacking group, the trend shifted dramatically later in the year. The decrease in payments is linked to more effective law enforcement and international collaboration, as well as a rise in victim resistance. More individuals and organizations are choosing alternatives, such as utilizing decryption tools or restoring data from backups, rather than paying the ransom.

Authorities have also tightened their focus on platforms that facilitate illegal activities, as seen with the recent sanctions placed on Cryptex, a crypto exchange based in Russia, accused of aiding money laundering and ransomware. Despite an uptick in attacks, fewer people are choosing to pay, with just 30% of negotiations resulting in payment. Moreover, there was a noticeable gap between ransom demands and actual payments—victims paid far less than what was originally asked, with average payments ranging from $150,000 to $250,000, far lower than the initial demands.

In response to these challenges, ransomware actors have shifted their laundering strategies. With tighter regulation on mixing services, like Tornado Cash, these criminals have turned to cross-chain bridges to conceal their activities. Centralized exchanges remain a significant platform for off-ramping, but an unexpected development has seen a large portion of ransom payments staying in personal wallets, possibly reflecting the heightened caution from attackers fearing further regulatory action.

Recent actions by law enforcement, including the German authorities’ seizure of no-KYC crypto exchanges and sanctions on Cryptex, have also had a major impact on illicit fund movements, leading to a noticeable drop in ransomware-related activity on no-KYC platforms. This signals the growing effectiveness of global regulatory measures.