Ransomware Hits 5,289 in 2024, but Many Victim Companies Won’t Talk About It

ccn.com發佈於 2025-08-07更新於 2025-08-09

Key Takeaways
  • Many companies hide ransom payments, often made in crypto, to avoid reputational damage or regulatory scrutiny.
  • 2024 saw 5,289 reported ransomware incidents worldwide, up 15% from 2023.
  • Experts stress that stopping ransomware requires more prevention techniques.

Ransomware attacks reached 5,289 reported cases worldwide in 2024, up 15% from the previous year and more than double the total in 2022.

However, the true scale of the crisis may be obscured, as many victim companies reportedly refuse to disclose when they pay attackers.

The Culture of Secrecy

Earlier this year, James Babbage, director general at the U.K.’s National Crime Agency, told BBC’s Panorama that “it is the paying of ransoms which fuels this crime.”

A culture of secrecy may be helping to fuel a cycle of ransomware attacks.

Adnan Malik, head of data protection at Barings Law, told The Epoch Times that companies “do not openly declare they have paid a ransom,” often to avoid reputational harm or regulatory scrutiny.

This can be easily concealed through cryptocurrency payments, which are the most common form of payment in ransomware cases.

Andy Jenkinson, a fellow of the Cyber Theory Institute, told The Epoch Times that “ransoms are almost always paid in Bitcoin and other cryptocurrencies, which are harder to trace than bank transfers.”

While blockchain transactions are public, tracing them to a specific organization often requires sophisticated investigative work, which is made more difficult by mixers and other obfuscation techniques.

Ransomware Attacks Grow, But Payments Decrease

Ransomware incidents surged again in 2024, hitting 5,289 reported cases worldwide—a 15% year-on-year increase, according to U.S. law enforcement data.

While that’s a sharp slowdown from the 77% spike in 2023, it still marks more than a doubling of global incidents since 2022.

The U.S. has remained the epicenter of the threat, accounting for roughly half of all attacks, driven by what authorities describe as a “broad range of profitable targets.”

Authorities partly credit the slowdown in growth to coordinated international crackdowns.

Operation Cronos, launched in February 2024, targeted the LockBit network, one of the world’s most prolific ransomware operations, leading to arrests , the freezing of over 200 cryptocurrency accounts, and the seizure of more than 7,000 decryption keys.

Still, the disruption failed to significantly reduce the overall volume of ransomware events.

Ransomware payments decreased | Credit: Chainalysis

Chainalysis data also showed that while reported incidents climbed, the total value of ransom payments fell 35% year-over-year to $813.55 million, suggesting more victims refused to pay or negotiated lower settlements.

This shift may highlight a growing disconnect between the frequency of attacks and attacker revenue.

Ransomware Can Be Stopped, But Silence Complicates Things

While global law enforcement operations have dented ransomware revenues, many cybersecurity experts stress that lasting progress depends on preventing attacks from succeeding in the first place.

Jason Soroko, Senior Fellow at Sectigo and co-host of the award-winning Root Causes podcast, told CCN that the battle against ransomware should start with identity security.

“Stopping ransomware relies on combining identity-first principles with least-privilege data access security, all while leveraging a variety of cybersecurity best practices and technologies,” Soroko said.

By “identity-first,” Soroko means putting user authentication and verification at the heart of a security strategy.

“An identity-first approach that leverages proven identity security technologies such as public key infrastructure (PKI) helps to protect identity through the usage of strong phishing resistant credentials,” he explained.

Soroko argues that this is not just about technology, but about giving security teams full oversight of who is inside the system at any given time.

However, the effectiveness of this is undermined when victims remain silent.

In 2023, British authorities warned that it’s “the attacks we don’t hear about… that aren’t reported to us and pass quietly by, pushed to one side, the ransoms paid to make them go away,” that cause the most damage.

“If attacks are covered up, the criminals enjoy greater success, and more attacks take place,” the National Cyber Security Centre (NCSC) said.

For Soroko, the conversation about ransomware has been too focused on the ransom payment itself.

“A growing number of cybersecurity experts have now figured out that ransomware is not solely a malware problem, it is a data access and identity problem,” he told CCN.

“The lasting damage of ransomware attacks lies not in the transactions forced upon by the bad actor but in the cost of lost business, disruption to operations, and clean-up.”

U.K. To Ban Ransom Payments

In July, the UK government announced plans to ban public sector bodies and critical infrastructure operators from paying ransom demands.

Under the new measures, all businesses not covered by the ban will be required to alert the government if they plan to pay a ransom.

“The government could then provide those businesses with advice and support, including notifying them if any such payment would risk breaking the law by sending money to sanctioned cyber criminal groups, many of whom are based in Russia,” the UK government said.

NCSC Director of National Resilience Jonathon Ellison said: “These new measures help undermine the criminal ecosystem that is causing harm across our economy.

“Ransomware remains a serious and evolving threat, and organisations must not become complacent.”

Was this Article helpful? Yes No

你可能也喜歡

ZoomEX Space会议回顾:与迪迪·哈曼及世界杯交易专家小组的对话

Zoomex举办了世界杯系列X Space的第二期活动,邀请欧冠冠军迪迪·哈曼及三位交易员参与讨论。话题涵盖世界杯分析、德国队争议、职业哲学以及足球与加密货币交易的类比。作为慈善倡议的一部分,Zoomex每期捐赠1000 USDT,若嘉宾预测正确,捐赠额将增加5000 USDT。哈曼支持日本队击败瑞典,并选择捐助慕尼黑的无家可归者援助机构。 哈曼指出,足球中最难对付的是“无惧失利”的球队,他们因毫无保留而极具威胁。他结合自身中场角色强调,无论比分领先或落后,都应保持相同打法:稳固结构,将球交给更具创造力的队友。2005年伊斯坦布尔奇迹正是这种坚持的例证。 关于攻防平衡,哈曼认为仅靠进攻无法赢得冠军,稳固的防守和球队结构至关重要。他区分了技术失误与心理失误,后者更令人懊恼。交易员们将此类比于交易纪律:止损如同最后一道防线,资本管理如同组织后防,情绪化是最大敌人。 哈曼预测巴西将赢得世界杯,因为其攻防俱佳,且安切洛蒂擅长管理漫长赛程中的球队事务。他亦称赞日本、南非等队的表现,并特别提到一位18岁的摩洛哥中场,其成熟度令人惊叹。 在交易讨论中,嘉宾们一致强调杜绝情绪化交易、严格执行计划的重要性。克拉克提出核心问题:“你想成为正确的人,还是想成为富有的人?” 他们将主流加密货币与国家队类比:比特币如巴西或阿根廷,以太坊如法国,Solana如葡萄牙。 整场对话的核心启示是:无论在足球还是交易中,当形势偏离计划时,保持既定流程和纪律比被动反应更为重要。成功依赖于在危机中维持结构,等待机会出现。Zoomex的世界杯慈善倡议将继续进行后续活动。

TheNewsCrypto23 分鐘前

ZoomEX Space会议回顾:与迪迪·哈曼及世界杯交易专家小组的对话

TheNewsCrypto23 分鐘前

Solana 启动链上治理以扩大验证者权力

Solana正式推出其备受期待的链上治理系统,为代币持有者和验证者提供了一个更开放、去中心化的方式来影响重要协议决策。治理辩论和投票现已完全在链上进行,并得到质押权重投票和加密验证的支持,通过新实施的Solana治理提案(SGP)机制实现。 根据新规则,任何拥有至少10万枚SOL委托质押的验证者都可以提交SGP。为确保只有获得广泛支持的提案进入正式投票,每个提案必须先获得网络总质押SOL至少15%的支持。 SGP与专注于技术协议变更的Solana改进文档(SIMD)有所区分。SIMD由核心开发者进行技术审查,关注“如何”实施升级;而SGP则通过链上质押权重投票,决定整个生态系统“是否”应该推进某项提案,将重大生态影响的决策权保留给社区投票。这种区分使得开发者能继续高效建设。 一个重要新增功能是委托者可以覆盖其验证者的治理投票。如果验证者的投票违背委托者意愿或选择不投票,委托者可以通过Solana治理门户直接使用自己的质押权重进行投票。投票过程通过Merkle证明确保安全,该证明根据链上记录的共识快照验证每个参与者的质押情况。专门的治理算法会在实际投票前为利益相关者提供可验证的权重。 随着链上治理的实施,Solana能够在不影响开发进程的前提下,让更多社区成员参与治理。验证者提交提案,利益相关者用质押投票,委托者享有完全自主权,Solana正在应用一种结合去中心化与协议开发效率的独特治理模式。

TheNewsCrypto24 分鐘前

Solana 启动链上治理以扩大验证者权力

TheNewsCrypto24 分鐘前

万亿豪赌半导体,韩国这次真的慌了?

韩国政府联合三星、SK集团宣布了一项总额达1461万亿韩元(约合人民币6.4万亿元)的巨额半导体投资计划,其中大部分投向半导体生产。此举一反韩国半导体产业以往“逆周期投资”的常态,在行业顺周期时进行大规模扩张,引发关注。 回望历史,半导体产业的王座更迭常伴随“举国体制+产业资本”模式的高效运作。日本曾借此在1980年代击败美国,占据全球DRAM市场80%份额。然而,随着个人电脑时代来临,市场转向追求成本与规模,执着于极致品质的日本企业优势不再。韩国抓住机遇,通过同样的模式并利用“逆周期投资”策略,在行业低谷期扩张产能,最终在1990年代反超日本,三星登顶全球DRAM市场第一。曾为对抗韩国而成立的日本尔必达公司,也在2012年破产,存储市场形成三星、SK海力士、美光三足鼎立格局。 如今,中国存储企业正以相似的路径崛起。长江存储和长鑫存储分别攻克NAND闪存和DRAM内存。长江存储通过自研的Xtacking架构,实现技术快速迭代,从32层到128层仅用3年,2025年全球NAND份额一度达13%。长鑫存储则通过收购破产的德国奇梦达公司获得技术基础,并冒险“跳代”研发,在合肥市长期资本支持下,2025年底拿下全球7.67%的DRAM份额,位列全球第四。特别是在2023年行业低谷期,两家中国企业逆势扩产、降价抢份额,实现了市场份额的翻倍增长。 韩国此次在顺周期豪赌,深层原因在于对中国追赶的焦虑。中国拥有完整的产业链和庞大的下游市场,一旦技术代差被追平,规模优势将迅速显现。韩国试图以超前投资拉开差距,守住王座。历史仿佛循环,当年韩国用以击败日本的策略,正被中国玩家运用。这场存储产业的权力角逐,远未结束。

marsbit34 分鐘前

万亿豪赌半导体,韩国这次真的慌了?

marsbit34 分鐘前

交易

現貨
活动图片