
Ransom Payments Decrease by 35% in 2024

The total volume of ransom payments decreased year-over-year by approximately 35%, due to law enforcement activities and more victims refusing to pay, according to blockchain analytics company Chainalysis.

Ransomware Attacks Collect Less Than Expected

In 2024, ransomware attackers collected approximately $813.55 million in payments, a significant drop from the $1.25 billion collected in 2023 and the $1.07 billion collected in 2021, Chainalysis said in its 2025 Crypto Crime Report.

Payment Trends

Payments were slightly up by approximately 2% in the first half of the year, leading the company to estimate that 2024 would surpass 2023’s totals. However, while the number of ransomware events increased in the second half of 2024, on-chain payments declined, suggesting that even though more victims were targeted, fewer actually paid the ransom. In some cases, those who paid successfully negotiated the ransom down to a much smaller amount.

The Pay-or-Not-Pay Dilemma

Victim organizations have wrestled with the pay-or-not-pay dilemma for years. On one hand, paying may be the only answer if there is no other way to recover the data or if the downtime waiting to recover the data is too long. On the other hand, paying rewards criminal activity, funds future activities, and may encourage more attacks against the victim. Improved cyber hygiene and overall resiliency are helping organizations make the decision not to pay, according to Christian Geyer, founder and CEO of Actfore.

Increased Resiliency and Cyber Hygiene

"Organizations have increasingly implemented comprehensive data backup solutions, so the business can rapidly recover their systems through a wipe and restore process," Geyer said.

Law Enforcement Actions Impact Ransomware Ecosystem

Another reason for the decrease in ransom payments is the impact of law enforcement actions. Several ransomware groups that were prolific in 2023 and the first half of 2024 were not as active in the second half of the year. LockBit is one such case. The United Kingdom’s National Crime Agency, the U.S. Federal Bureau of Investigation, and law enforcement entities in Canada, Japan, and Australia, collaborated in Operation Cronos to seize data and websites associated with LockBit in February 2024.

Effectiveness of Law Enforcement

That disruption seemed particularly effective, as payments to the criminals behind LockBit decreased by 79% in the second half of 2024. Similarly, ALPHV/BlackCat going dark in March 2024 after collecting $22 million from Change Healthcare left "a void" in the second half of 2024, Chainalysis said.

Lack of a Vacuum Effect

When a large group leaves the cybercrime ecosystem — either after a law enforcement disruption or voluntarily shutting down operations — there usually is a slight dip in activity and then another group ramps up activities to fill that vacuum. However, that didn’t happen in 2024, Lizzie Cookson, a senior director of incident response at Coveware, told Chainalysis. "We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share…The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands."

Conclusion

The current ransomware ecosystem is showing signs of disruption and resilience. While law enforcement actions are impacting the ecosystem, new ransomware groups are not filling the vacuum, and many are focusing on smaller markets with modest ransom demands.

