But in reality, both law enforcement operations may have been more successful than they appeared. After receiving the $22 million ransom from Change Healthcare, ALPHV pulled a so-called ‘exit scam’, taking the money and disappearing rather than sharing it with the hacker partners who had carried out the Change Healthcare breach. LockBit also largely fell off the map in the months that followed the NCA takedown, perhaps thanks to distrust within the cybercriminal underground once it became clear that the NCA had identified its alleged leader, Dmitri Khoroshev. In May 2024, Khoroshev was also sanctioned by the US Treasury, making it much more legally complicated for LockBit's victims to pay a ransom to the group.
While the vacuum left by the big players in the ransomware ecosystem was filled by newer groups during the second half of 2024, many of them did not have the skills or experience to go after targets as large, and as well defended, as LockBit and ALPHV did, says Burns Koven. The result, she says, was many smaller ransom payments, often in the tens of thousands of dollars rather than the millions or tens of millions.
“Their talent is not as strong as their predecessors,” Burns Koven says of the newer generation of ransomware gangs. “We see the hangover of these law enforcement actions, not only directly aimed at individuals and strains of malware, but also the infrastructure and tools and services used to help these attacks continue.”
Last year saw more ransomware incidents than the previous year, says Allan Liska, a threat intelligence analyst focused on ransomware at the security firm. The firm counted 4,634 attacks in 2024 against 4,400 in 2023, but the lower ransom amounts received by the newer ransomware groups indicate that they may have favored quantity over quality, he says. “What we see in terms of payments is a reflection of newer threat actors, attracted by the amount of money they see that you can earn in ransomware, trying to get into the game and not being very good at it,” Liska says.
In addition to the large law enforcement actions at the beginning of 2024, Chainalysis attributes the decline in payments during the second half of the year to greater global awareness of the ransomware threat, leading to more mature defense and response plans within governments and other institutions. And Burns Koven adds that cryptocurrency regulation and law enforcement action against money laundering infrastructure, including mixers that help criminals anonymize and obscure the source of their illicit cryptocurrency, have also gradually hampered ransomware actors' ability to deal with the payments.
Although the decline in payments during the second half of 2024 is notable for being the largest in Chainalysis' data, the number of ransomware attacks and the volume of payments have fluctuated and dropped before. Researchers, in particular, saw a significant decline in activity in 2022, a year in which Chainalysis put total ransomware payments at $655 million, compared to $1.07 billion in 2021 and nearly $1 billion in 2020. But although governments and defenders were initially encouraged that their deterrence efforts were working, ransomware came back as an even worse threat in 2023, totaling, by Chainalysis' count, $1.25 billion in payments that year.