Ransomware Hits 5,289 in 2024, but Many Victim Companies Won’t Talk About It

ccn.comDipublikasikan tanggal 2025-08-07Terakhir diperbarui pada 2025-08-09

Key Takeaways
  • Many companies hide ransom payments, often made in crypto, to avoid reputational damage or regulatory scrutiny.
  • 2024 saw 5,289 reported ransomware incidents worldwide, up 15% from 2023.
  • Experts stress that stopping ransomware requires more prevention techniques.

Ransomware attacks reached 5,289 reported cases worldwide in 2024, up 15% from the previous year and more than double the total in 2022.

However, the true scale of the crisis may be obscured, as many victim companies reportedly refuse to disclose when they pay attackers.

The Culture of Secrecy

Earlier this year, James Babbage, director general at the U.K.’s National Crime Agency, told BBC’s Panorama that “it is the paying of ransoms which fuels this crime.”

A culture of secrecy may be helping to fuel a cycle of ransomware attacks.

Adnan Malik, head of data protection at Barings Law, told The Epoch Times that companies “do not openly declare they have paid a ransom,” often to avoid reputational harm or regulatory scrutiny.

This can be easily concealed through cryptocurrency payments, which are the most common form of payment in ransomware cases.

Andy Jenkinson, a fellow of the Cyber Theory Institute, told The Epoch Times that “ransoms are almost always paid in Bitcoin and other cryptocurrencies, which are harder to trace than bank transfers.”

While blockchain transactions are public, tracing them to a specific organization often requires sophisticated investigative work, which is made more difficult by mixers and other obfuscation techniques.

Ransomware Attacks Grow, But Payments Decrease

Ransomware incidents surged again in 2024, hitting 5,289 reported cases worldwide—a 15% year-on-year increase, according to U.S. law enforcement data.

While that’s a sharp slowdown from the 77% spike in 2023, it still marks more than a doubling of global incidents since 2022.

The U.S. has remained the epicenter of the threat, accounting for roughly half of all attacks, driven by what authorities describe as a “broad range of profitable targets.”

Authorities partly credit the slowdown in growth to coordinated international crackdowns.

Operation Cronos, launched in February 2024, targeted the LockBit network, one of the world’s most prolific ransomware operations, leading to arrests , the freezing of over 200 cryptocurrency accounts, and the seizure of more than 7,000 decryption keys.

Still, the disruption failed to significantly reduce the overall volume of ransomware events.

Ransomware payments decreased | Credit: Chainalysis

Chainalysis data also showed that while reported incidents climbed, the total value of ransom payments fell 35% year-over-year to $813.55 million, suggesting more victims refused to pay or negotiated lower settlements.

This shift may highlight a growing disconnect between the frequency of attacks and attacker revenue.

Ransomware Can Be Stopped, But Silence Complicates Things

While global law enforcement operations have dented ransomware revenues, many cybersecurity experts stress that lasting progress depends on preventing attacks from succeeding in the first place.

Jason Soroko, Senior Fellow at Sectigo and co-host of the award-winning Root Causes podcast, told CCN that the battle against ransomware should start with identity security.

“Stopping ransomware relies on combining identity-first principles with least-privilege data access security, all while leveraging a variety of cybersecurity best practices and technologies,” Soroko said.

By “identity-first,” Soroko means putting user authentication and verification at the heart of a security strategy.

“An identity-first approach that leverages proven identity security technologies such as public key infrastructure (PKI) helps to protect identity through the usage of strong phishing resistant credentials,” he explained.

Soroko argues that this is not just about technology, but about giving security teams full oversight of who is inside the system at any given time.

However, the effectiveness of this is undermined when victims remain silent.

In 2023, British authorities warned that it’s “the attacks we don’t hear about… that aren’t reported to us and pass quietly by, pushed to one side, the ransoms paid to make them go away,” that cause the most damage.

“If attacks are covered up, the criminals enjoy greater success, and more attacks take place,” the National Cyber Security Centre (NCSC) said.

For Soroko, the conversation about ransomware has been too focused on the ransom payment itself.

“A growing number of cybersecurity experts have now figured out that ransomware is not solely a malware problem, it is a data access and identity problem,” he told CCN.

“The lasting damage of ransomware attacks lies not in the transactions forced upon by the bad actor but in the cost of lost business, disruption to operations, and clean-up.”

U.K. To Ban Ransom Payments

In July, the UK government announced plans to ban public sector bodies and critical infrastructure operators from paying ransom demands.

Under the new measures, all businesses not covered by the ban will be required to alert the government if they plan to pay a ransom.

“The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cyber criminal groups, many of whom are based in Russia,” the UK government said.

NCSC Director of National Resilience Jonathon Ellison said: “These new measures help undermine the criminal ecosystem that is causing harm across our economy.

“Ransomware remains a serious and evolving threat, and organisations must not become complacent.”

Was this Article helpful? Yes No

Bacaan Terkait

Solana Perluas Kekuatan Validator dengan Peluncuran Tata Kelola On-Chain

Solana secara resmi meluncurkan sistem tata kelola on-chain yang dinantikan, menawarkan pemegang token dan validator cara yang lebih terbuka dan terdesentralisasi untuk mempengaruhi keputusan protokol penting. Perdebatan dan pemungutan suara tata kelola kini sepenuhnya dilakukan di dalam rantai (on-chain) menggunakan Solana Governance Proposals (SGP), didukung oleh pemungutan suara berbobot stake dan verifikasi kriptografi. Validator dengan stake yang didelegasikan setidaknya 100.000 SOL dapat mengajukan SGP. Agar maju ke pemungutan suara formal, setiap proposal harus pertama-tama mendapatkan dukungan dari minimal 15% dari total SOL yang di-stake di jaringan. SGPs berfungsi memisahkan pilihan komunitas dari pembangunan teknis. Sementara SIMD (Solana Improvement Documents) tetap menjadi standar untuk perubahan teknis protokol, SGPs memutuskan apakah ekosistem yang lebih luas setuju sebuah proposal harus dilanjutkan, melalui voting on-chain berbobot stake. Fitur penting lainnya adalah pemberdayaan delegator, yang kini dapat mengambil alih suara validator mereka jika tidak sesuai preferensi atau jika validator tidak memilih. Mereka dapat memberikan suara langsung menggunakan bobot stake mereka sendiri melalui portal tata kelola Solana. Proses ini diamankan dengan bukti Merkle dan algoritma tata kelola khusus. Dengan penerapan tata kelola on-chain ini, Solana bertujuan untuk melibatkan lebih banyak anggota komunitas tanpa mengorbankan proses pengembangan, menggabungkan desentralisasi dan efisiensi.

TheNewsCrypto20m yang lalu

Solana Perluas Kekuatan Validator dengan Peluncuran Tata Kelola On-Chain

TheNewsCrypto20m yang lalu

Kepala Petugas Investasi Bitwise: Penurunan Besar STRC adalah Sinyal Dasar, Bull Market akan Dimulai pada Musim Gugur

Bitwise CIO: Penurunan STRC Tanda Pasar Dasar, Bullish Diperkirakan Mulai Musim Gugur Bitwise CIO Matt Hougan menganalisis penurunan baru-baru ini di harga Bitcoin (di bawah $60.000) dan kaitannya dengan saham preferen Strategy, STRC. STRC adalah produk saham preferen yang dirancang stabil di sekitar nilai nominal $100 dengan hasil dividen tinggi, menarik $10.5 miliar yang digunakan perusahaan untuk membeli Bitcoin. Ketika harga Bitcoin dan saham induk MSTR turun, kekhawatiran atas kemampuan Strategy membayar dividen menyebabkan harga STRC anjlok ke $75. Strategy merespons dengan kerangka baru: mereka mungkin menjual sebagian Bitcoin untuk membayar dividen, membiarkan harga STRC mengambang bebas, dan berpotensi membeli kembali saham. Ini menandai perubahan peran Strategy dari pembeli Bitcoin satu arah menjadi pelaku pasar yang lebih dinamis. Hougan berpendapat volatilitas STRC adalah ciri khas akhir siklus, di mana leverage berlebihan (uang yang mencari pendapatan stabil masuk ke aset volatil seperti Bitcoin) sedang dilikuidasi. Pembersihan leverage ini diperlukan untuk menemukan dasar pasar. Sinyal mendekati dasar pasar termasuk: MSTR diperdagangkan di bawah nilai aset bersih (NAV), Indeks Fear & Greed Crypto di level ekstrem 'takut', dan funding rate futures Bitcoin yang terus negatif. Kesimpulan Hougan: Pasar sedang dalam proses pembersihan yang menyakitkan namun perlu. Dengan leverage berlebih keluar, dasar pasar diperkirakan sudah dekat, dan bullish baru kemungkinan akan dimulai pada musim gugur tahun ini. Pembeli utama berikutnya diperkirakan akan berasal dari lembaga keuangan tradisional seperti bank, dana pensiun, dan dana kekayaan sovereign.

marsbit1j yang lalu

Kepala Petugas Investasi Bitwise: Penurunan Besar STRC adalah Sinyal Dasar, Bull Market akan Dimulai pada Musim Gugur

marsbit1j yang lalu

Trading

Spot
活动图片