Economic Analysis of Ransomware

Cybercrimes like ransomware can be highly profitable. This has encouraged a lot of competition and led to a very efficient market for services. And because the costs can be catastrophic, we have studied the marketplace more than just about any other industry. It makes for some interesting economic analysis.

Chainalysis is a company that monitors transactions in the cryptocurrency space. That gives them good insight into ransomware trends where crypto is the primary payment mechanism. In mid-2024 they were seeing a slight increase in ransomware payments and they were predicting another record year (a prediction echoed by many reporting on the ransomware industry). However, the second half of 2024 saw a sharp decline in ransomware payments and we closed out 2024 down 35% with $813.55MM paid.

They have done some excellent work to understand why ransoms paid declined, while the incidents of ransomware appear to have increased:

  • A few large ransomware players exited the market mid-year (LockBit disrupted by NCA and FBI efforts, and ALPHV/BlackCat disappeared after a particularly large score)
  • The remaining smaller operators demand less money and are less sophisticated, so
  • Victims are better able to recover from ransomware attacks without paying

Overall this is good news. For years we have seen ransomware increasing as the crime crews appeared to operate with impunity. Market forces within the ransomware industry increase competition, which reduces “prices” (ransom), and changes in customer “demand” (infrastructure resilience) reduce sales for the ransomers.

As an economics nerd I appreciate an insightful analysis like this for the pretty charts alone. As a cybersecurity defender, it helps to understand the adversaries’ motivations, operations and priorities to best craft defences. I highly recommend the Chainalysis report for everyone.
