Ransomware Payouts: “Firmly on Track for the Worst Year on Record”

A record $1 billion in ransoms was paid in 2023, driven by high-profile attacks such as Clop’s exploitation of a file transfer tool and BlackCat/ALPHV’s attack on Caesars’ hotel properties.  

‍

The crisis has deepened in 2024, with over $459 million extorted in the first half of the year alone, according to a report by Chainalysis. This marks a $10 million increase from the previous year, signaling a worsening trend.  

‍

Notably, the median ransom payment for the most threatening ransomware groups surged from $198,939 in early 2023 to $1.5 million by mid-2024, suggesting that these groups are increasingly targeting larger, wealthier organizations.  

‍

Blockchain analysts also confirmed a record ransom payment of $75 million. The report aligns with data from other cybersecurity firms which noted a median ransom payment of $2.2 million for 49 state and local governments in 2024.  

‍

Additionally, ransomware attacks have become more frequent, with a 10% increase in incidents this year. Despite the rising frequency and payment sizes, fewer victims are choosing to pay ransoms.

‍

Takeaway: It's evident that the surge in ransomware operators, the evolving variants, and the increase in ransom payouts represents an unprecedented threat. The financial losses inflicted on victim organizations are staggering, and these costs will inevitably trickle down to consumers.

‍

This recent Chainalysis report highlights that ransomware payments in 2023 surpassed $1 billion, shattering previous estimates. When combined with the FBI's findings—after seven months of infiltrating the Hive ransomware gang—that only 20% of attacks are reported to law enforcement, the true financial toll could be closer to $5 billion.  

‍

And this figure is simply ransoms paid – it doesn’t even account for the immense costs of recovery, such as those incurred in the Change Healthcare attack, or the more intangible losses like brand damage, potential lawsuits, and regulatory fines.

‍

Ransomware has become a massive industry. The financial burden impacts consumers, businesses, and governments alike, posing a significant economic drag. To counter its growth, we must disincentivize attackers by making ransomware operations unprofitable—a goal we are still far from achieving.

‍

Threat actors are increasingly exploiting unpatched vulnerabilities and misconfigurations, automating their attack processes to hit more targets faster. The mass exploitation of vulnerabilities like MoveIT, GoAnywhere, and Citrix Bleed are stark examples of how preventable these attacks can be.

‍

While we cannot entirely stop ransomware attacks, we can prevent them from being successful.

‍

Resilience requires a strategic investment in maintaining uptime and productivity and having the contingencies in place to recover from an attack swiftly. Organizations that fail to make these investments will nonetheless continue to contribute to the multi-billion-dollar machine that is the Ransomware Economy.

‍

‍

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.