Governments Team Up

The reduction in ransomware payments seems to be a result of enhanced government actions against these operations. The Financial Trend Analysis attributed this largely to disruptions targeting two major hacking groups: ALPHV/Blackcat, which was hit in December 2023, and LockBit, which faced disruption in February 2024.

Since then, there have been further steps taken by governmental entities to hinder ransomware criminals from receiving payments. Last month, the U.S. Treasury Department, alongside Australia and the UK, announced sanctions against Media Land for its support of online ransomware activities. Simultaneously, sanctions were imposed on individuals linked to Aeza Group, which was found guilty of providing web hosting services to ransomware groups.

The UK is advancing plans to criminalize public entities’ payments to cybercriminals holding their data hostage and mandate businesses to notify the government before making any such payment. However, exemptions would apply in national security cases.

Local Efforts

Even smaller governments are contributing to this fight. Following a significant ransomware attack on Columbus, Ohio, mandated cybersecurity training for all employees and reporting of cyberattacks to the Ohio Department of Public Safety were introduced by the state in August 2024. Additionally, ransoms can only be paid with legislative body approval.

Similarly, New York State has implemented new rules requiring municipal and public authorities to report any cybersecurity incidents within 72 hours. Ransomware payments need to be reported within 24 hours to the New York State Division of Homeland Security and Emergency Services.