Ransomware gangs are rolling in cash, with hackers taking home $459.8 million in the first half of 2024 alone

It's been a good year for ransomware gangs, new research shows, with threat actors having made more money so far this year than ever before.

A new report from Chainalysis puts the sum at $459.8 million for the first six months of 2024.This, the report noted, is largely down to 'big game hunting' - criminals carrying out fewer attacks, but collecting large payments.

Attacks in 2023 included the Cl0p exploit of the MOVEit zero-day and the ALPHV/BlackCat ransomware group’s exploit of Caesars hotels properties, which led to the company paying $15 million in ransom.

Brian Boyd, head of technical delivery at i-confidential, said the report raises serious concerns about both the scale and success of ransomware attacks in recent months.

"This massive figure highlights the explosion of the ransomware market today. This highlights that due to the lower cost of entry to the marketplace that more organizations are being affected and losing more to attacks than ever before, even despite more general awareness around cyber crime," he said.

"Earning almost half a billion in six months, turns cyber crime into one of the world’s most lucrative industries, so this figure should act as a stark warning to organizations about the importance of defenses today."

Ransomware payments are growing

Notably, the report found that ransomware payments are also skyrocketing. The median payment by affected organizations has spiked from just under $200,000 in early 2023 to $1.5 million in mid-June 2024.

This year saw the largest ransomware payment ever , recorded at approximately $75 million to the Dark Angels ransomware group.

This was almost twice the biggest payment from 2023 and a 335% increase from the maximum payment made in 2022.

Chainalysis said this shows particular ransomware groups are prioritizing targeting larger businesses and critical infrastructure providers that may be more likely to pay high ransoms, thanks to deep pockets and systemic importance.

"The actual losses these organizations suffered are far more than the figures in this report. The ransom payment is only one part of the financial penalty ransomware places on an organization," Boyd pointed out.

"The loss of productivity, assets, data, and the costs of recovery are often far greater than the actual demand."

Block threats that target cloud and virtualized environments

Meanwhile, the ransomware ecosystem has fragmented, thanks to the recent disruption of some of the largest players, such as ALPHV/BlackCat and LockBit.

Following these disruptions, some affiliates have migrated to less effective strains or launched their own strains.

"Organizations shouldn’t ignore the warnings from governments about paying demands, it does fuel the industry. The more criminals can earn, the harder they will work. But this also means defenses against attacks are more important than ever. With this kind of money-making potential, all organizations are targets," said Ryan McConechy, CTO of Barrier Networks.

"When it comes to defenses, organizations should train employees on threats, implement MFA to secure credentials, keep systems up to date with patches, and adopt a well-oiled and comprehensive incident response plan, so everyone can step straight into effective action, even when attacks do occur."