Mysterious Drop in Ransomware Attacks in 2024 – What Is Behind This Phenomenon?


Decline in Ransomware Attacks in 2024 – A New Perspective

According to the latest data, the ransomware industry has experienced a significant decrease in activity in the first quarter of 2024. After a disturbing 55.5% increase in 2023, the number of victims dropped from 5,070 to 1,048 cases. This marks a 22% decline in ransomware attacks compared to the previous quarter of the last year.

Reasons for the Significant Decrease in Ransomware Attacks

1. Law Enforcement Intervention

One of the main factors influencing the reduction in the number of attacks was the involvement of law enforcement agencies. Operations conducted led to the arrest of members of known syndicates and weakened their activities.

LockBit Arrests

As part of “Operation Cronos,” collaborators of the LockBit ransomware syndicate were detained in Poland and Ukraine. By seizing cryptocurrency accounts and obtaining decryption keys, victims received support in the data recovery process.

ALPHV Takedown

The FBI announced the disruption of ransomware group ALPHV/BlackCat, which had a significant impact on the decrease in the number of attacks. ALPHV was involved in 51 attacks in the first quarter of 2024, compared to 109 attacks in the previous quarter.

2. Decrease in Ransom Payments

A noticeable decrease in ransom payments has forced ransomware groups behind the attacks to seek other sources of income. Fewer victims choose to pay the ransom, reducing their value and motivating criminals to explore alternative strategies.

New Ransomware Groups in 2024

Despite the decline in sector activity, the first quarter of 2024 saw the emergence of many new ransomware groups. RansomHub, Trisec, Slug, Mydata are just some of the entities that have the potential to become significant players in the market.

Cyberint forecasts indicate that these new groups will develop their skills, competing with existing players such as LockBit 3.0, Cl0p, and BlackBasta to gain a dominant position in the ransomware industry.