Ransomware is one of the most persistent cybersecurity threats, and recent reports suggest that ransomware payments have significantly declined in 2024. According to various media outlets, law enforcement actions have contributed to this trend, leading many to believe that ransomware is on the decline. But is that really the case? Let’s take a deeper look at why ransomware payments are down and why the reality of cybercrime may be different from what’s being reported.
A Look at the Numbers
Data from Chainalysis suggests that ransomware payments have decreased by 35% year over year, with less than half of recorded ransomware incidents resulting in payments. This trend isn’t entirely new—we saw a similar dip between 2021 and 2022 when ransomware payments dropped from $1.1 billion to $655 million, before surging again in 2023.
Looking at these numbers alone, it might seem like ransomware is losing its grip. However, historical trends suggest that ransomware attacks ebb and flow, and there’s no reason to believe 2025 won’t bring a resurgence. The real question is: why have payments dropped, and does that mean organizations are getting better at defending against cybercriminals?
The Reality Behind the Decline
Many reports attribute the drop in ransomware payments to improved cybersecurity measures, better cyber resilience, and stronger backup strategies. That is true for some companies, but it is not the whole picture. Attack volume has not fallen in step with payments: fewer victims are paying, not fewer being hit, and cybercriminals are changing tactics to keep their revenue up.
Cybercriminals Are Still in Your Network
One critical factor often overlooked is how long cybercriminals remain in a network before anyone notices. The widely cited figure of 277 days is the mean time to identify and contain a breach reported in IBM's 2022 Cost of a Data Breach study. Payments are therefore a lagging and partial indicator: even if reported ransom payments are down, the number of organizations that are compromised right now remains high.
Cybercriminals operate like businesses themselves. They gain access to multiple organizations and pick their targets strategically, waiting for the right moment to launch an attack. In many cases, they don’t even need to deploy ransomware to profit.
The Shift to Business Email Compromise (BEC)
Instead of encrypting files and demanding a ransom, many cybercriminals now focus on Business Email Compromise (BEC). In a BEC scam the attacker controls or convincingly impersonates a business email account and tricks employees into sending money to an account the attacker owns. It can be as lucrative as ransomware, or more so, and it carries less risk: there is no negotiation to fail, no refusal to pay, and a fraudulent wire transfer draws far less attention than an encrypted network.
Once inside a company's mailbox, an attacker can redirect invoices, change the bank details on a payment, and add mailbox rules that hide the victim's replies so the fraud is not noticed until the money has moved. Unlike ransomware, which forces a company into a negotiation, BEC rides on existing business processes, which makes it harder to detect and even less likely to be reported.
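The invoice-redirection pattern described above leaves traces in the message itself: a sender domain one character off a real supplier, a Reply-To pointing somewhere else, a DMARC verdict that is not "pass", and wording about "updated bank details". The script below is an added example (not code from the original article or from any vendor) that screens a raw email for those four indicators. The trusted-domain list and both sample messages are constructed for the example; a real deployment would pull the allow-list from the vendor master file and run this on mail landing in finance mailboxes.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed allow-list: domains the finance team legitimately pays.
TRUSTED_DOMAINS = {"example-supplier.com", "example.com"}

# Wording that commonly accompanies a fraudulent change of payment details.
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\b.{0,40}\b(bank|account|wire|payment|remittance)\b",
    re.I | re.S,
)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    if not header_value:
        return ""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted partner domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True when a domain is within two edits of a trusted domain but is not one."""
    return domain not in TRUSTED_DOMAINS and any(
        edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS
    )


def dmarc_result(msg):
    """Extract the dmarc= verdict the receiving MTA wrote into Authentication-Results."""
    header = str(msg.get("Authentication-Results", ""))
    m = re.search(r"\bdmarc=(\w+)", header)
    return m.group(1).lower() if m else "missing"


def screen_message(raw):
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])

    if is_lookalike(sender):
        findings.append("lookalike-sender-domain")
    if reply_to and reply_to != sender:
        findings.append("reply-to-mismatch")
    # Anything that is not a DMARC pass is either spoofed, a lookalike domain
    # with no policy, or misconfigured; finance should not act on it unverified.
    verdict = dmarc_result(msg)
    if verdict != "pass":
        findings.append("dmarc-" + verdict)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and PAYMENT_CHANGE.search(body.get_content()):
        findings.append("payment-change-language")
    return findings


# Constructed sample: lookalike domain (l -> 1), foreign Reply-To, no DMARC pass.
FRAUDULENT = """\
From: Accounts Payable <ar@example-supp1ier.com>
Reply-To: ar@invoice-desk-example.net
To: finance@example.com
Subject: Invoice 4471 - updated remittance details
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-supp1ier.com; dmarc=none header.from=example-supp1ier.com

Hi, please note our updated bank details for invoice 4471 before Friday's run.
"""

# Constructed sample: the real supplier, DMARC pass, no change of payment details.
LEGITIMATE = """\
From: Accounts Receivable <ar@example-supplier.com>
To: finance@example.com
Subject: Invoice 4471
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-supplier.com; dkim=pass header.d=example-supplier.com; dmarc=pass header.from=example-supplier.com

Attached is invoice 4471, payable to the account on file. Thanks.
"""

if __name__ == "__main__":
    print("fraudulent:", screen_message(FRAUDULENT))
    print("legitimate:", screen_message(LEGITIMATE))
```

None of these indicators is proof on its own; the point is that a message carrying several of them should route to a human who verifies the bank change by phone with a number already on file, never with one taken from the email.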
Cybercriminals Are Selective About Ransomware Deployment
Even in cases where ransomware is deployed, attackers are becoming more selective about whom they target. If a company refuses to negotiate or signals that they won’t pay, cybercriminals can simply move on to another target. Since they already have access to multiple networks, they don’t need to waste time on organizations that are less likely to pay.
This shift in strategy means that while fewer ransoms are being paid, the overall impact of ransomware attacks remains devastating. Companies may avoid paying the ransom, but many still suffer significant downtime, data loss, and reputational damage. In extreme cases, businesses may even shut down entire divisions rather than recover from an attack.
What This Means for Businesses
The idea that ransomware is declining is misleading. While ransom payments are lower, cybercriminals continue to thrive by adapting their methods. Organizations cannot afford to become complacent based on misleading statistics. Instead, they must take proactive measures to protect themselves, including:
- Implementing Advanced Threat Detection – Perimeter tools and signature antivirus are not enough against an intruder who has been inside for months. Companies need 24/7 monitoring and threat detection across endpoint telemetry, identity and authentication logs, and outbound traffic to identify intrusions before they escalate.
- Strengthening Email Security – Since BEC is on the rise, enforce SPF, DKIM and DMARC (with a quarantine or reject policy, not just monitoring), alert on mailbox rules that forward or delete mail, and require out-of-band verification of any change to payment details. Employee training backs these controls up but cannot replace them.
- Regularly Testing Backups – Backups only count if they restore. Test restores regularly into an isolated environment, verify the restored data against a record kept offline, and keep at least one copy that an intruder with domain admin rights cannot encrypt or delete.
- Investing in Cyber Resilience – Beyond prevention, businesses need incident response plans to mitigate damage when (not if) an attack occurs.
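The backup point above is the one most often skipped in practice: an untested backup is a hope, not a control, and a backup set the intruder reached before the ransomware ran will restore encrypted garbage. The script below is an added example (not code from the original article) of a restore test: it packs a constructed file set, keeps the SHA-256 manifest separate from the archive (so a tampered archive cannot carry its own "correct" manifest), restores into a scratch directory rather than over production, and reports which files are missing or altered. The file contents and paths are constructed for the example.

```python
import hashlib
import io
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def build_backup(files, archive_path):
    """Pack {relative_path: bytes} into a tar.gz and return its manifest.

    The manifest (path -> SHA-256) is returned instead of being stored in the
    archive: keep it on separate offline media, because an intruder who can
    rewrite the backup can also rewrite anything sitting next to it.
    """
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel, data in sorted(files.items()):
            info = tarfile.TarInfo(rel)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[rel] = sha256_bytes(data)
    return manifest


def _safe_members(tar):
    """Refuse archive members that would escape the restore directory."""
    for m in tar.getmembers():
        p = Path(m.name)
        if p.is_absolute() or ".." in p.parts or m.issym() or m.islnk():
            raise ValueError("unsafe member in backup: %s" % m.name)
        yield m


def restore_and_verify(archive_path, manifest):
    """Restore into a scratch directory (never over production) and check every
    file against the offline manifest. Returns (ok, missing, corrupt)."""
    missing, corrupt = [], []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            tar.extractall(scratch, members=list(_safe_members(tar)))
        for rel, expected in manifest.items():
            target = Path(scratch, rel)
            if not target.is_file():
                missing.append(rel)
            elif sha256_bytes(target.read_bytes()) != expected:
                corrupt.append(rel)
    return (not missing and not corrupt, missing, corrupt)


def demo():
    """Constructed walk-through: a clean backup passes the restore test; a backup
    the intruder reached (one file encrypted, one deleted) fails it."""
    clean = {
        "finance/ledger.csv": b"id,amount\n1,100\n2,250\n",
        "finance/vendors.json": b'{"acme": "vendor-001"}\n',
        "hr/roster.txt": b"alice\nbob\n",
    }
    with tempfile.TemporaryDirectory() as work:
        good = Path(work, "backup-good.tgz")
        manifest = build_backup(clean, good)  # this copy of the manifest goes offline
        good_result = restore_and_verify(good, manifest)

        # Simulate ransomware reaching the backup set: the ledger is replaced by
        # ciphertext-like random bytes and the roster is gone. The attacker's
        # archive looks normal; only the offline manifest exposes it.
        tampered = dict(clean)
        tampered["finance/ledger.csv"] = os.urandom(32)
        del tampered["hr/roster.txt"]
        bad = Path(work, "backup-bad.tgz")
        build_backup(tampered, bad)  # attacker-controlled manifest, deliberately ignored
        bad_result = restore_and_verify(bad, manifest)
    return good_result, bad_result


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result)
```

Run this on a schedule against the most recent backup, from a host that holds only the offline manifest; a failing result is an incident, not a ticket, because it means either the backup job is broken or someone has already been in the backup set.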
Final Thoughts
The drop in ransomware payments should not be mistaken for a decline in cybercrime. Attackers are simply evolving, shifting their focus to tactics that generate revenue without drawing attention. Businesses must remain vigilant, continuously improving their cybersecurity strategies to stay ahead of these threats.
Ransomware is far from over—it’s just changing shape. The real question is: Is your business prepared?
Schedule a free consultation with our cybersecurity experts today and get a personalized security assessment.