The crypto industry saw ransomware payments decline by 35% in 2024, falling to $813 million from the previous year’s $1.25 billion, according to Chainalysis‘ 2025 Crypto Crime Report.
This is the biggest annual drop in ransomware revenues over the last three years, according to the company.
Crypto ransomware – 2024
Despite an initial uptick in attacks during the first half of 2024 — one victim reportedly paid $75 million to the Dark Angels group — ransomware payments plummeted in the latter half of the year. According to the report, this decline can be attributed in part to more stringent law enforcement actions, better international cooperation and growing resistance from victims.
In addition, authorities around the world have intensified their fight against cybercrime and targeted platforms that facilitate illicit transaction. The US and its allies imposed sanctions against the Russian crypto exchange Cryptex because it enabled money laundering and related ransomware activities.
Intriguingly, even though ransomware cases increased, victims paid less. As much as 30% of the negotiations ended in ransom payments, but many people chose to use decryption software or restore from backups.
The report highlights an increasing gap between the ransom demanded and what was actually paid. The attackers were demanding much more in the second half 2024 than victims actually paid, and payments fell short by 53 percent. Those who did pay sent an average of $150,000 to $250,000—significantly lower than initial demands.
Changes in laundering techniques
Laundering techniques adapted as ransomware payment declined. In the past, ransomware attackers used mixing platforms to hide funds flows. Between 10% and 15% were processed by these platforms.
In 2024, the use of mixers has dropped significantly due to law enforcement actions against services such as ChipMixer and Sinbad, Tornado Cash.
To move money covertly, ransomware users instead used cross-chain links. Centralized exchanges (CEXs) remained a primary off-ramping channel, accounting for 39% of ransomware-related transactions—slightly above the 37% average observed between 2020 and 2024.
A surprising trend was also observed, as the majority of funds collected for ransom were not cashed in. It is possible that ransomware operators are more cautious because they may be afraid of unpredictable law enforcement action targeting illicit transactions.
Law enforcement’s crackdown on no-KYC exchanges significantly impacted illicit fund flows. German authorities seized 47 Russian-language crypto exchanges that did not require KYC in September 2024. Sanctions were also targeted at Cryptex.
The effectiveness of the regulatory action was reinforced when ransomware inflows on platforms that did not require KYC dwindled shortly after.
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
