In 2023, the ransomware industry experienced a concerning surge, with a staggering 55.5% increase in victims worldwide, reaching a total of 5,070. However, the landscape looks markedly different in 2024. While the numbers spiked to 1,309 cases in Q4 2023, the ransomware industry has seen a significant decline in Q1 2024, with only 1,048 cases reported. This represents a notable 22% decrease in ransomware attacks compared to the previous quarter.

 

 

There could be several reasons for this significant drop.

 

Reason 1: Law Enforcement Intervention

 

In 2024, law enforcement agencies took significant action against ransomware syndicates, leading to a notable drop in attacks.

 

The LockBit Arrests: In February, an international operation dubbed “Operation Cronos” resulted in the apprehension of three associates of the notorious LockBit ransomware syndicate in Poland and Ukraine. Authorities seized LockBit’s infrastructure, including dark web domains and backend systems, and confiscated cryptocurrency accounts and decryption keys to aid victims. Despite these arrests, LockBit quickly resumed its operations, demonstrating the persistent challenges in combating cybercrime.

 

The Impact of the ALPHV Takedown: In December 2023, the FBI disrupted the ALPHV/BlackCat ransomware group by seizing control of their main site and developing decryption tools for victims. This takedown led to a five-day outage of ALPHV’s dark web infrastructure. In Q1 2024, ALPHV conducted 51 ransomware attacks, a significant decrease from 109 attacks in Q4 2023, indicating the substantial impact of the FBI’s intervention.

 

 

Reason 2: Decrease in Ransom Payments

 

Another factor contributing to the decline in ransomware attacks is the decrease in ransom payments, leading ransomware groups to consider alternative revenue sources.

 

In Q4 2023, only 29% of ransomware victims complied with ransom demands, marking a significant decrease. Coveware, a ransomware negotiation firm, attributes this trend to factors such as improved preparedness among organizations, skepticism towards cybercriminal promises, and legal restrictions in regions where ransom payments are banned.

 

Moreover, the average ransom payment in Q4 2023 decreased by 33% compared to the previous quarter, with the median payment dropping to $200,000. This decline in profitability may be discouraging for ransomware groups.

 

Despite the decrease in ransom payments, new ransomware groups emerged in Q1 2024, including RansomHub, Trisec, Slug, and Mydata. However, these groups have not yet compensated for the overall drop in ransomware attacks, indicating a shifting landscape in cybercriminal activities.

 

Ensure compliance and outsmart cyber threats with CyberArrow Enterprise GRC Automation Solution.