Ransom Payments Plummet by 35% — But Industries Shouldn’t Relax

We’ve all seen the daily reports of ransomware attacks, but it’s not all doom and gloom.

According to figures released by Chainalysis on February 5, 2025, ransomware payments significantly declined in 2024, falling by 35% to $813.55 million.

This marks a sharp drop from 2023 when payments reached an all-time high of $1.25 billion.

Yet cybercriminals continue targeting organizations across all sectors, with small businesses facing heightened risk due to limited security resources and industries facing millions of dollars in supply chain disruption every day that they are offline.

Has the ransomware surge peaked, or is it a taste of what’s to come? Techopedia explores.

Key Takeaways

  • Despite increased attack frequency, ransom payments dropped 35% to $813.5M in 2024.
  • Manufacturing, healthcare, and transportation sectors face the highest risks.
  • Ransomware-as-a-service platforms enable technically unskilled criminals to launch sophisticated attacks.
  • Small businesses must prioritize basic security measures to combat their heightened risk level.
  • Technologies like 5G and edge computing create additional attack surfaces.

More Ransomware Attacks — But Less Bounty

Coordinated law enforcement actions in 2024 significantly affected major ransomware groups, with the takedown of LockBit, in particular, leading to a 79% payment reduction in the second half of 2024.

Meanwhile, the BlackCat ransomware group was stopped shortly after the Change Healthcare attack, which saw millions of Americans unable to get their prescriptions for a week. This was followed by a federal investigation amid an alleged $22m ransom payment.

But despite the success of law enforcement teams, cybercriminals continue to adapt their attack methods, with new groups such as Arcus Media, HellCat, RansomHub, and FunkSec forming from the remnants of the old.

Although payments have plummeted, statistics show ransomware attacks increased 67% in 2023, with average recovery costs reaching $2.73 million.

The increase in attacks is due to attackers now using Ransomware-as-a-Service (RaaS) platforms, which make it easier to launch sophisticated attacks without the technical expertise that would otherwise be required.

Chainalysis pointed to new tech and changing social patterns as key factors playing into the hands of ransomware groups, including:

  • Cryptocurrency adoption enabling anonymous payments
  • Complex supply chain vulnerabilities
  • Remote work expanding attack surfaces
  • Insufficient security awareness training
  • Limited IT security resources

The manufacturing, healthcare, and transportation sectors face the highest risks due to their critical operations and complex supply chains.

When attacked, these organizations often struggle to choose between paying ransoms and enduring costly, drawn-out operational disruptions.

Industries Most Vulnerable to Ransomware Attacks

Manufacturers lose $1.9 million daily to ransomware attacks, and downtime is more than just a number: it results in lost revenue, stalled production, and supply chain chaos.

Once attacked, companies simply cannot track shipments, manage inventory, or process transactions without access to critical data. Even if companies have backups, attackers often aim to disable them first, leaving few options beyond paying ransoms or rebuilding from scratch.

We must also remember that criminals, whether physical or virtual, will try to turn any situation into an opportunity. Intelligent architectures bring new challenges, especially with the rise of 5G and edge computing technologies.

The common targets of ransomware within manufacturing include:

Industrial Control Systems

As industries merge operational technology (OT) with IT, industrial control systems (ICS) become prime cyber targets.

These systems manage critical infrastructure like power grids and traffic signals, making security essential.

Research from BitSight previously showed that nearly 100,000 ICS devices remain exposed online, making them, and the essential services we rely on, a target for attackers.

Water and Renewables

Water and renewable energy industries face cybersecurity risks similar to oil and gas. Shared systems create multiple ransomware entry points to industrial control systems.

America has experienced a spate of attacks on water systems over the last 18 months, including one attack on the water supply system in Aliquippa, Pennsylvania.

Instead of monitoring water supplies, computer monitors displayed: “…Our system had been hacked by the legal authority by the Cyber Av3ngers. Down with Israel.”

Oil and Gas

The attack on the Colonial Pipeline proved how a single breach can halt fuel distribution, spike prices, and expose security gaps.

In that incident, a ransomware attack stopped a significant fuel pipeline from working, disrupting supply chains across the Eastern United States and having knock-on effects on citizens and federal agencies.

These disruptions don’t just delay operations; they drive up costs, damage reputations, and cause chaos for the rest of us.

Transportation

An attack on transport logistics isn’t just about disrupted schedules; lives are at risk! It’s not always obvious, but a compromised rail system could cause collisions, while attacks on shipping or road networks create chaos.

As connectivity grows, so do vulnerabilities, with breaches exposing data and crippling logistics. When transport stops, everything does.

The Bottom Line

It’s great to learn that ransomware payments have dropped significantly, but that doesn’t mean we can relax.

Ransomware gangs constantly change and seek new ways to exploit a system, meaning constant vigilance and stronger security measures are needed to stay one step ahead of malicious actors.

Law enforcement officers are still rounding up these groups, shutting down their activities, and arresting people. Although what they do is helpful, companies cannot just rely on that; they have to take responsibility for their security defenses. A proactive approach is needed to reduce risk and limit any damage.

Security professionals and business leaders all contribute to strengthening defenses. However, without commitment from every level, organizations remain vulnerable.

FAQs

Why have total ransom payments dropped this year?

What measures have helped reduce ransomware payments?

Which industries are most at risk from ransomware attacks?

How does Ransomware-as-a-Service (RaaS) work?

What should small businesses do to protect against ransomware?

What is the biggest emerging ransomware threat?

John Meah
Cybersecurity Expert

John is a skilled freelance writer who combines his writing talent with his cybersecurity expertise. He holds an equivalent level 7 master's degree in cybersecurity and a number of prestigious industry certifications, such as PCIP, CISSP, MCIIS, and CCSK. He has spent over two decades working in IT and information security within the finance and logistics business sectors. This experience has given John a profound understanding of cybersecurity practices, making his tech coverage on Techopedia particularly insightful and valuable. He has honed his writing skills through courses from renowned institutions like the Guardian and Writers Bureau UK.
