Ransomware losses tumble but threat remains: Chainalysis

A recent report by Chainalysis has indicated a significant reduction in losses attributed to digital asset scams in 2024, with a reported decline of 35% compared to the exceedingly high levels observed in 2023.

Ransomware attackers netted $813.55 million from victims in 2024, inflamed by a string of daring attacks by small and large-scale entities. Last year, bad actors pilfered $1.25 billion from unsuspecting victims, making 2024 the first drop in malware theft since 2022.

Analysts based the decline on several factors, citing heightened collaboration between law enforcement agencies and victims’ refusal to negotiate with the bad actors. The decline hit its strides in the second half of 2024, with threat actors pulling in nearly $500 million by June, underscored by the near $100 million payment to the Dark Angels syndicate and Akira.

After major syndicates LockBit and BlackCat collapsed, researchers saw no B-list players move up to take their place. Instead, bad actors operated in isolated and uncoordinated events. Most of the attacks in the second half of the year came from data leak sites, with the report noting a surge in the number of data leak sites from previous years under review.

“The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small to midsize market, which in turn are associated with more modest ransom demands,” said Lizzie Cookson, an executive at Coveware.

While the metrics appear to be in steep decline, Chainalysis’ report predicts an increase in activity as bad actors adopt new strategies in 2025.

“In response, many attackers shifted tactics, with new ransomware strains emerging rebranded, leaked, or purchased code, reflecting a more adaptive and agile threat environment,” read the report.

The report projects faster negotiation times by threat actors and previously unseen malware to circumnavigate existing cybersecurity offerings.

Despite the drop, bad actors still rely on centralized exchanges, bridges, and personal wallets to launder funds. However, 2024 marked a steep slump for mixers laundering stolen digital assets, with the services holding only a 15% market share.

Most ransomware gangs are holding their digital assets, opting not to cash out following recent streaks of heightened law enforcement action.

A changing landscape

An emerging technology landscape appears to give bad actors a broader arsenal in their attacks against digital asset holders. Several analysts have highlighted attacks involving AI and machine learning (ML) tools in malware, and cybersecurity teams are grappling with new threats.

State-backed groups are receiving support, while ransomware-as-a-service has been recording impressive ecosystem growth in recent years. Decentralized finance (DeFi) players are also exploring AI-based security countermeasures to stifle bad actors’ success rates, notching a string of positives.

Crypto ‘stealer’ on the loose

In other news, cybersecurity firm Kaspersky has released a report highlighting a malware campaign targeting digital asset wallet recovery phrases through mobile applications on Android and iOS devices.

According to the report, the malware targets sensitive details by scanning image galleries and sending gleaned data to remote servers. Dubbed SparkCat, researchers say the malware gained significant steam in 2024, evolving from a 2023 technique into its present form.

The malware relies on a compromised software development kit (SDK) in presele