More than $459 million was extorted from victims of ransomware attacks in the first half of 2024, according to a new report, highlighting a growing crisis that has affected all organizations, from large corporations to local governments and hospitals.

Blockchain research firm Chainalysis tracked cryptocurrency payments to wallets controlled by ransomware actors and found that the amount stolen by these criminals increased by $10 million compared to the previous year’s figure of $449.1 million.

Researchers said the speed of payments puts the world “firmly on track for the worst year ever.” Several other statistics showed that the ransomware problem is getting worse. In addition to a new record ransom payment of $75 million – which was confirmed by other blockchain analysts – the average payment also increased.

For the most threatening groups – those that received a maximum payment of over $1 million this year – the average ransom rose from $198,939 in the first week of 2023 to $1.5 million in mid-June 2024.

“This pattern may indicate that these strains are beginning to target larger companies and critical infrastructure providers, who may be more willing to pay excessive ransom amounts due to the deep pockets and systemic importance of these targets,” the researchers said.

The numbers are consistent with data from other cybersecurity companies, including Sophos, which recently released a report that found that the average extortion amount among 49 state and local agencies that paid a ransom in 2024 was $2.2 million.

Payment tracking has also shown that ransomware attacks are becoming more common, with at least a 10% increase in attacks recorded this year.

But despite the increasing frequency of attacks and higher ransom payments, fewer and fewer victims seem to be paying ransoms.

According to the researchers, the number of “ransomware payment cases” has decreased by 27% compared to last year, showing that more victims may be better prepared and choosing to recover from the attacks themselves.

Andrew Davis, general counsel at incident response firm Kiva Consulting, said 65% of the attacks they were asked to help with this year were resolved without paying a ransom.

Davis added that law enforcement actions to dismantle the ALPHV/BlackCat and LockBit ransomware groups have fragmented the cybercrime landscape and the companies involved are now being forced to switch to less effective variants or develop their own.

“Whether they are former partners of these known threat actors or new upstarts, a large number of new ransomware groups have entered the fray, demonstrating new methods and techniques for conducting their attacks, such as expanding their initial access capabilities and lateral movement approaches,” he said.

While government officials have questioned the effectiveness of shutting down ransomware infrastructure in recent weeks, some researchers said the data highlights the importance of these measures.

Corsin Camichel, an expert at cybercrime research firm eCrime.ch, said shutdowns and law enforcement actions such as Operation Cronos, Operation Duck Hunt and Operation Endgame are “essential to curb these activities and signal that criminal acts will have consequences.”

In 2023, a record $1 billion ransom was paid, partly as a result of several high-profile attacks, including Clop’s exploitation of a popular file transfer tool and the ALPHV/BlackCat attack on Caesars hotel properties.

Chainalysis typically revises its ransom payment figures upward each year when the company discovers new crypto wallets used by criminals.

Crypto theft

Ransomware wasn’t the only cybersecurity threat Chainalysis warned about – according to the researchers, crypto thefts are also on the rise. Cybercriminals stole nearly $1.6 billion through such attacks in the first half of 2024, compared to $857 million in the same period in 2023.

The number of attacks on cryptocurrency platforms has remained largely stable, but hackers have stolen more money in each attack than last year. The average value of a theft rose to $10.6 million this year, compared to $5.9 million in the first half of last year.

Chainalysis attributed this mainly to the increase in the value of cryptocurrencies – especially Bitcoin – compared to the previous year, when the market collapsed following the closure of several major platforms.

The largest attack this year was against DMM, in which $305 million was stolen.

According to Chainalysis, the increased security measures taken by companies offering decentralized finance (DeFi) services have deterred most hackers, forcing them to “go back to their roots and target centralized exchanges again after four years of focusing on their decentralized counterparts that don’t typically trade Bitcoin.”

Learn more.