Ransomware attacked a net cybercrime group that totaled $813.5 million in 2024, down from $1.25 billion in 2023.
According to a chain analysis of blockchain intelligence firms, the total amount for the first half of 2024 was $459.8 million, but since July 2024, it added about 3.94% of payment activities.
“The number of ransomware events has increased to H2, but payments on the chain have decreased, suggesting that more casualties have been targeted but paid,” the company said.
In addition to the challenges, there is an increasingly fragmented ransomware ecosystem. This led to the emergence of many newcomers who shunned big game hunts in favor of small to medium sized entities, in the wake of the collapse of Rockbit and Black Cat. It translates into a more modest ransom demand.
Data compiled by Coveware shows that the average ransomware payments for the fourth quarter were $553,959, up from $479,237 in the third quarter. In contrast, median ransomware payments fell 45%, down from $200,000 to $110,890 per quarter.
“For those who don’t have an alternative to recover mostly important data, payments remain primarily the last resort option,” the company said.
“A compound that can distrust the broken decryption tools from tensions of both old and new ransomware, as well as the ability to respect the assurance of threat actors, and keep victims away from the table unless there is another option.”
The decline in ransom payments is complemented by the increased success of law enforcement in the dismantling of cybercrime networks and crypto laundry services, which disrupt financial incentives and increase barriers to entry.
That said, 2024 saw the highest annual ransomware cases since 2021, reaching an astounding 5,263 attacks, up 15% from the previous year.
“Because of its important role in the global economy, Industry experienced 27% (1424) of all ransomware attacks in 2024, an increase of 15% since 2023,” said NCC Group. “North America experienced more than half of all attacks in 2024 (55%).”
The most commonly observed ransomware variants in 2024 were Akira (11%), Fog (11%), Ransomhub (8%), Medusa (5%), Blacksuit (5%), and Bianlian (4%) , and was Black Basta. %). The Lonely Wolf actor gained an 8% market share during the period.
New entrants observed over the past few months include Arcus Media, Cloak, Hellcat, Nnice, NotLockbit, WantTocry, and Windows Locker. In particular, Hellcat has been found to rely on psychological tactics to humiliate the victims and put pressure on them to pay.
“Both Akira and Fog use the same money laundering method different from other ransomware stocks, further supporting the connection between them,” the chain analysis said.
“Both groups are primarily focused on exploiting VPN vulnerabilities, which allows them to gain unauthorized access to their networks and, as a result, deploy ransomware.”
Source link
