


Ransomware Payments Dropped 35% In 2024 (therecord.media)
An anonymous reader quotes a report from CyberScoop: Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity to date. Chainalysis itself warned in its mid-year report that 2024's activity was on pace to reach new heights, but attacks in the second half of the year tailed off. The total amount in payments that Chainalysis tracked in 2024 was $812.55 million, down from 2023's mark of $1.25 billion.
The disruption of major ransomware groups, such as LockBit and ALPHV/BlackCat, was key to the reduction in ransomware payments. Operations spearheaded by agencies like the United Kingdom's National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) caused significant declines in LockBit activity, while ALPHV/BlackCat essentially rug-pulled its affiliates and disappeared after its attack on Change Healthcare. [...] Additionally, [Chainalysis] says more organizations have become stronger against attacks, with many choosing not to pay a ransom and instead using better cybersecurity practices and backups to recover from these incidents. [...] Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
You can read the full report here.
Trump will change this (Score:4, Insightful)
Re: (Score:2)
They'll just have to start taking cash and children.
Re: (Score:2, Informative)
1. These are not "gangs". Most ransomware attacks are by individuals.
2. Most ransomware attacks originate in Russia, where the FBI has no jurisdiction.
Re:Trump will change this (Score:5, Interesting)
Most ransomware attacks are by individuals.
All the facts disagree with this claim. Where are we pulling this from?
The tooling has segregated. Multiple entities are coordinating in multiple ways. These entities specialize in each part of the kill chain - access, CnC, persistence, automation.....
This idea of the luser script kiddie is 40 years out of date. These are dedicated, incentivized, actors and underplaying the risks they represent, the technological capabilities they have developed and the complexity of the infrastructure and shadow markets they engage in is a mistake.
Some of these are legit corps with HR departments, bonus structures, pensions, etc
Re: (Score:1)
1. These are not "gangs". Most ransomware attacks are by individuals.
2. Most ransomware attacks originate in Russia, where the FBI has no jurisdiction.
Yeah. You’re right. Those massive APT groups operating out of Russia, China, and North Korea aren’t gang members,
They’re more like government employees.
Re: (Score:2)
Re:Trump will change this (Score:4, Funny)
As the FBI and other government agencies are gutted, the ransomware gangs will again rise and live to fight again.
Trump will do one thing to fight them... making the American economy so poor they can't afford ransoms.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
You mean back when he was giving out checks with his scribbled sharpie signature?
Re: (Score:2)
Re: (Score:2)
The good news ransoms can be paid in government backed Trump shitcoins.
Cryptocurrency ain't useful if you can't spend it (Score:3)
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.
So, that pretty much leaves just the greater fool speculative trading game as the only practical use for cryptocurrency.
Re: (Score:2)
Can't spend it?! Did you miss the story about the guy who purchased a pizza with BTC?
Re: (Score:3)
I know you're making a joke, but the Bitcoin pizza guy actually had to have a 3rd party order (and pay for, using real money) the pizza on his behalf. It's been awhile since I've ordered from Papa John's (their pizza really isn't that good compared to the smaller mom and pop places near me), but last I checked they don't accept cryptocurrency.
I'd imagine anyone looking to order a pizza without first exchanging their cryptocurrency would likely end up going hungry.
Re: (Score:1)
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.
So, that pretty much leaves just the greater fool speculative trading game as the only practical use for cryptocurrency.
I hate to point out the obvious, but if you happen to be NOT a piece of shit ransomware criminal, you could actually USE a digital wallet for transactions without fear of law enforcement watching what you do.
Pretty sure an audit of the Federal Reserve would reveal financial crimes on an incomprehensible scale. Doesn’t mean the concept of banks or money becomes pointless and worthless. Maybe not toss the baby out with the bathroom remodel.
Re: (Score:2)
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction....
I hate to point out the obvious, but if you happen to be NOT a piece of shit ransomware criminal, you could actually USE a digital wallet for transactions without fear of law enforcement watching what you do.
If you're not a criminal, you could actually use money in your digital wallet. The only reason you'd use cryptocurrency is for the touted ability for it not to be tracked. But that's an illusion.
The fact is, cryptocurrency isn't currency. It is primarily a speculative investment, not a coin used in transactions. (Even when used in criminal activity and scams, it seems to be mostly used as a method of transferring money: the victim buys cryptocurrency, gives it to the ransomware gang, and the ransomware ga
Re: (Score:2)
...you could actually USE a digital wallet for transactions without fear of law enforcement watching what you do.
And just where would I be able to conduct those transactions?
What grocery stores accept Bitcoin for payment?
Any clothing or sporting goods stores?
What about my rent or mortgage?
Please provide specific examples.
Re: (Score:2)
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.
So, that pretty much leaves just the greater fool speculative trading game as the only practical use for cryptocurrency.
Yes, you'll have to deal with the traditional finance industry who are known to be fucking boy scouts who would never touch a dodgy dollar/quid/euro/rupee. No siree, the traditional finance industry is clean as a whistle, more pious than the pope, more open than a porn star and more reliable than a 93 Honda Civic owned by someone with mechanical sympathy.
The thing about Crypto is that you've a great deal of choice about where and how you move that into legitimate money... UAE, India, Russia, et al. a
Re: (Score:2)
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.
I've been saying this for awhile now. You still have to deal with the traditional finance industry anytime you want to move real currency in or out of crypto, because you're certainly not getting several thousand dollars worth of coin exchanged in some back alley transaction.
Trump and Musk are fixing that. If there were publicly-traded ransomware stocks, they'd be going through the roof right now.
Better cybersecurity practices and backups (Score:2)
Re: (Score:3)
Sad (Score:2)
Escalation inbound (Score:3)
We already have LLMs doing battle with each other in this space
Now have to worry about where and how this will escalate.... We have plenty of evidence these actors care not one jot about human life
Why did people stop backing up their data? (Score:3)
This used to be a thing. 3-2-1 backups. I don't know what happened over the past 20 years where backups stopped being important. More reliable HDDs maybe? Hopefully ransomware has shocked enough people to make them important again.
Re:Why did people stop backing up their data? (Score:4, Insightful)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost.
Similarly if you never need to restore the backups, many places never actually test to see if restoring is possible.
Then you have a disaster where you actually need the backups, and they don't exist or don't work.
Re: (Score:3)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost.
Odd how one can argue about the unpredictability of Shit Happens until you’re blue in the face with greedy CxOs who don’t feel backups are worth the risk anymore, and yet every one of them will get into their car and fasten a seat belt. Along with insisting their family members fasten a seat belt. Every time. For the same damn reason.
Hell, forget the ransomware, virus, or hacking risks. Backups are justified because we’re human. I’ve used them far more because of the Delete but
Re: (Score:2)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost.
Odd how one can argue about the unpredictability of Shit Happens until you’re blue in the face with greedy CxOs who don’t feel backups are worth the risk anymore, and yet every one of them will get into their car and fasten a seat belt. Along with insisting their family members fasten a seat belt. Every time. For the same damn reason.
Because we made it illegal not to, so everyone got used to doing it?
I don't think that applies to backups.
Re: (Score:2)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost.
Odd how one can argue about the unpredictability of Shit Happens until you’re blue in the face with greedy CxOs who don’t feel backups are worth the risk anymore, and yet every one of them will get into their car and fasten a seat belt. Along with insisting their family members fasten a seat belt. Every time. For the same damn reason.
Because we made it illegal not to, so everyone got used to doing it?
I don't think that applies to backups.
You know what they say about two kinds of people. Those who have suffered a horrific accident (physical or otherwise), and those who haven’t yet. Running no anti-virus or firewall on Windows isn’t illegal either. But it sure has been applied as the standard.
Many Government data retention mandates hold cleared Federal contractors to a high standard, especially when dealing with classified data. Mandated backups not being done in the presence of other massive data loss events might be construe
Re: (Score:2)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost. Similarly if you never need to restore the backups, many places never actually test to see if restoring is possible.
Then you have a disaster where you actually need the backups, and they don't exist or don't work.
The most competent ransomware gangs encrypt the backups, too.
Re: (Score:3)
Because like most things, backups are a cost, and if you don't have a failure then you never need to use the backups, so a couple of years where nothing fails and they start trying to cut backups as an unnecessary cost. Similarly if you never need to restore the backups, many places never actually test to see if restoring is possible.
Then you have a disaster where you actually need the backups, and they don't exist or don't work.
The most competent ransomware gangs encrypt the backups, too.
Yep. In fact they encrypt the backups first, and don't go after live data until they've confirmed the backups are toast.
Re: (Score:2)
Depends how and where you perform backups...
If you're security conscious at all you'd ensure that access to the servers being backed up doesn't grant you access to delete backups, or to the backup servers themselves.
For instance here if you compromised servers the most you could do would be to push a new backup full of garbage, backup retention is handled purely by the server and the client can't influence it.
There's also no shared credentials between the production network and the backup servers, nor is th
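The design described in the comment above (a client credential can only push, retention is decided by the server), as an added example that is not from the thread. It is a toy model with hypothetical names and a constructed scenario; it shows that a stolen client credential cannot delete snapshots, and that server-side retention expressed as "keep the last N" would still let repeated garbage pushes rotate good snapshots out, while age-based retention does not.

```python
from dataclasses import dataclass, field

DAY = 86400  # seconds

@dataclass
class BackupServer:
    """Toy push-only store (hypothetical): clients add snapshots, only the server prunes."""
    snapshots: list = field(default_factory=list)  # (server_time, host, payload)

    def client_push(self, host, server_time, payload):
        # The single operation a client credential is allowed to perform.
        # The timestamp is the server's clock, never a value the client supplies.
        self.snapshots.append((server_time, host, payload))

    def client_delete(self, host, index):
        # No delete/overwrite path exists for client credentials.
        raise PermissionError(f"{host}: client credentials cannot delete snapshots")

    def prune_by_age(self, now, keep_days):
        # Server-side retention keyed on age: extra pushes cannot shorten it.
        self.snapshots = [s for s in self.snapshots if now - s[0] <= keep_days * DAY]

    def prune_by_count(self, keep_last):
        # Server-side retention keyed on count: every push evicts an older snapshot.
        self.snapshots = self.snapshots[-keep_last:]


def surviving_good_snapshots(policy):
    """Constructed scenario: 10 daily good backups, then 50 garbage pushes made
    on day 11 with the compromised host's own (push-only) credential."""
    server = BackupServer()
    for day in range(1, 11):
        server.client_push("web01", day * DAY, f"good-day-{day}")
    for _ in range(50):
        server.client_push("web01", 11 * DAY, "garbage")
    if policy == "age":
        server.prune_by_age(now=11 * DAY, keep_days=30)
    elif policy == "count":
        server.prune_by_count(keep_last=14)
    else:
        raise ValueError(policy)
    return sum(1 for _, _, payload in server.snapshots if payload.startswith("good"))


def delete_is_refused():
    server = BackupServer()
    server.client_push("web01", DAY, "good-day-1")
    try:
        server.client_delete("web01", 0)
    except PermissionError:
        return len(server.snapshots) == 1
    return False


if __name__ == "__main__":
    print("good snapshots left, age-based retention:  ", surviving_good_snapshots("age"))
    print("good snapshots left, count-based retention:", surviving_good_snapshots("count"))
    print("client delete refused:", delete_is_refused())
```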
Re: (Score:2)
Heh. You expect companies to not only create good backups and test them, but also to ensure that they're immutable?
I mean, obviously they should, but this is a requirement that didn't really exist prior to the rise of ransomware, and it adds a significant challenge to an already-challenging problem.
In the past we had optical storage that just happened to be WORM (write once read many) which naturally provided the immutability property. As you point out, tape storage provides it, too, because the tapes
Re: (Score:2)
Depends how and where you perform backups...
If you're security conscious at all you'd ensure that access to the servers being backed up doesn't grant you access to delete backups, or to the backup servers themselves.
No, if you're security conscious you'd ensure that ransomware gangs don't break in in the first place.
Since we're talking about organizations to which ransom extortion happens, you already know that their security is flawed.
Re: (Score:2)
No, if you're security conscious you'd ensure that ransomware gangs don't break in in the first place.
If you're security conscious you realise that no security is perfect, and you need to plan for the inevitable failure.
Re:Why did people stop backing up their data? (Score:4, Insightful)
This used to be a thing. 3-2-1 backups. I don't know what happened over the past 20 years where backups stopped being important.
There's an easy answer for this. The birth of the ubiquitous “cloud”. And all of the lies sold with it.
The old way you lost data, was storing it locally and suffering a crash. Once users were told data wasn’t stored locally anymore, the concern about data loss subsided. Then more local features were added to recover from the usual “oops” reasons you maintain backups (Recycle Bins, System Restore, Snapshots, etc.), so users really stopped giving a shit about backing up.
That mentality eventually creeped up into the CxO wallet where they wanted fatter bonuses instead of pissing away money on backup solutions. And when we started measuring .pst files in gigabytes rather than megabytes, it became obvious how bad data hoarding was getting. Along with the challenges of backing all that shit up.
Re: (Score:3)
This used to be a thing. 3-2-1 backups. I don't know what happened over the past 20 years where backups stopped being important. More reliable HDDs maybe? Hopefully ransomware has shocked enough people to make them important again.
Backups were never as common or reliable as you seem to think. Building reliable backup systems is hard, and testing them is even harder, which means that proper backups are expensive. And when everything is going fine, they generate zero value, which means that to a business, backups are a pure cost.
Frankly, ransomware has probably done a better job of motivating investment into backups than anything that came before. I'd guess that more businesses have good backups today than did in the past.