Ransomware attacks increased substantially in 2023 showing a 55% increase in victims worldwide and reaching 5,070 cases. While Q4 2023 erupted with 1309 cases, Q1 2024 saw a 22% decrease. The Hacker News gives two main reasons for last quarter’s dip in ransomware cases.

Reason 1: Law Enforcement Intervention.
The Hacker News postulates that one of the main reasons for the dip in ransomware attacks is due to law enforcement action from multiple countries and through high level operations, such as Operation Cronos in February against Lockbit and the FBI takedown of ALPHV/Blackcat in December. In Q1 2024, ALPHV were behind 51 ransomware attacks, a significant drop from the 109 attacks in Q4 2023. Although these threat actors are still active in 2024, the data suggests that law enforcement action may have had an impact, but it’s likely too early to tell if any of this will deter future attacks in the long run.

Reason 2: Decreases in Ransom Payments.
Another main reason for the dip is attributed to a drop in victims’ ransom payments. The last quarter of 2023 saw the proportion of victims complying with ransom demands plummet to an all-time low of 29%, as seen from data gleaned from ransomware negotiation firm Coveware. The decline in payments is attributed to several factors such as skepticism among cybercriminals’ assurances not to disclose pilfered data, legal constraints in regions where ransom payments are prohibited, and enhanced preparedness among organizations.

While 2024 has shown good signs toward the decline of ransomware, there are still new emerging groups that haven’t yet made up the difference. Unless the above trends continue in a positive direction, the dip in ransomware attacks is unlikely to continue. For more information, access The Hacker News.