Image: Shubham Dhage/Unsplash+

Ransomware gangs rake in more than $450 million in first half of 2024

More than $459 million was extorted from victims of ransomware attacks in the first half of 2024, highlighting a growing crisis that has affected all organizations from major corporations to local governments and hospitals, according to a new report. 

Blockchain research company Chainalysis tracked cryptocurrency payments made to wallets controlled by ransomware actors, finding a $10 million increase in the amount of money earned by those criminals compared to last year’s figure of $449.1 million. 

Researchers said the pace in payments sets the world “firmly on track for the worst year on record.” Several other statistics illustrated that the ransomware problem is only getting worse. In addition to a new record ransom payment of $75 million — which was confirmed by other blockchain analysts — the median payment also grew. 

For the most threatening groups — ones that have received a maximum payment over $1 million this year — the median ransom grew from $198,939 in the first week of 2023 to $1.5 million in mid-June of 2024. 

“This pattern could suggest that these strains are starting to target larger businesses and critical infrastructure providers that may be more likely to pay ransoms of inordinate size due to these targets’ deep pockets and systemic importance,” the researchers said. 

The numbers match data tracked by other cybersecurity firms including Sophos, which recently released a report that showed a median extortion of $2.2 million for 49 state and local governments that paid a ransom in 2024.

Tracking payments has also revealed that ransomware attacks are becoming more frequent, with at least 10% more attacks recorded this year. 

But despite the increases in attack frequency and in payment size, it appears that fewer victims are paying ransoms. 

The researchers said the number of “ransomware payment events” shows a 27% decline compared to last year, illustrating that more victims may be better prepared and are opting to recover from attacks on their own. 

Andrew Davis, general counsel at incident response firm Kiva Consulting, said 65% of the attacks they are hired to assist with have been resolved without a ransom payment this year. 

Davis added that law enforcement actions taking down the ALPHV/BlackCat and LockBit ransomware groups have fragmented the cybercrime landscape, forcing affiliates to migrate to less effective strains or create their own. 

“Whether it be former affiliates of these well-known threat actor operations, or new upstarts, a large number of new ransomware groups have joined the fray, displaying new methods and techniques to carry out their attacks such as expansion in their means for initial access and lateral movement approaches,” he said. 

While government officials have in recent weeks questioned the effectiveness of ransomware infrastructure takedowns, some researchers said the data illustrated the importance of the operations. 

Corsin Camichel, an expert with cybercrime research company eCrime.ch, said takedowns and law enforcement actions like Operation Cronos, Operation Duck Hunt and Operation Endgame “are essential in curbing these activities and signaling that criminal actions will have consequences.”

A record $1 billion in ransoms was paid in 2023, in part from several high-profile attacks that included the Clop exploitation of a popular file transfer tool and ALPHV/BlackCat’s attack on Caesars’ hotel properties.

Chainalysis typically revises ransom payment figures up each year as they discover more cryptowallets used by criminal actors. 

Crypto thefts

Ransomware wasn’t the only cybersecurity threat that Chainalysis warned about — crypto heists are also on the rise, according to the researchers. Cybercriminals netted nearly $1.6 billion from these types of attacks in the first half of 2024, up from $857 million during the same period of 2023.

The number of attacks on cryptocurrency platforms has largely stayed steady but hackers have stolen more money in each attack compared to last year. The average value of a theft grew to $10.6 million this year compared to $5.9 million in the first half of last year. 

Chainalysis attributed much of this to the increase in value of cryptocurrencies — particularly Bitcoin — compared to last year, when the market had cratered following the closure of several major platforms. 

The biggest attack this year was on DMM, which saw $305 million stolen.

Increases in security by companies offering decentralized finance, or DeFi, services have turned most hackers away, forcing them to return “to their roots and targeting centralized exchanges again after four years focused on their decentralized counterparts, which typically do not trade bitcoin,” according to Chainalysis.

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.