Ransomware payments dropped 35 percent in 2024 as victims resist hackers' demands. Treasury's DOGE access sparks a national security crisis as contractors sound the alarm. And, will you have recovery with that? This is Cyber Security Today, I'm your host Jim Love.
Global ransomware payments plummeted to 813 million in 2024, down from 2023's record high of 1.25 billion, marking a significant shift in the cybersecurity landscape.
The decline comes despite high-profile attacks on organizations like Krispy Kreme and NHS Trusts, suggesting a turning point in how victims respond to digital extortion, at least according to new data from Chainalysis. The drop was particularly sharp in the second half of 2024 following major law enforcement actions against the notorious ransomware groups like LockBit and BlackCat/ALPHV. The decline represents more than just improved defenses.
It signals a growing resistance to paying ransoms, with actual payments running 53 percent lower than amounts demanded by attackers.
For years now, the cybersecurity landscape seemed hurtling towards a so-called ransomware apocalypse, according to Jacqueline Burns Koven, head of cyber threat intelligence at Chainalysis. The sharp decline speaks to the effectiveness of law enforcement actions, improved international collaboration, and a growing refusal by victims to cave in to attackers' demands.
The shift has reshaped the ransomware ecosystem, with newer groups targeting smaller organizations for more modest sums. However, experts warn that the progress remains fragile. While payments are down, the number of reported incidents on dark web leak sites hit an all-time high, suggesting attackers are simply finding fewer victims willing to pay. Others have warned that it's only a matter of time until ransomware groups reassemble or are replaced by other large players.
Man, I try to stay away from politics, but this is one of the biggest security exposures in U.S. history, and we have to cover it. The crisis began when Treasury Secretary Scott Bessent granted two DOGE employees read-only access to the department's payment system in January of this year.
The decision immediately triggered alarm bells across the intelligence community, culminating in a federal judge in Manhattan issuing a preliminary injunction barring DOGE from accessing Treasury databases containing personally identifiable information. The situation grew more complex as details emerged about the DOGE team members' backgrounds. Edward Coristine, a 19-year-old DOGE member, was previously fired from Path Network for leaking company secrets.
According to Bloomberg News, Coristine later bragged on Discord about retaining access to his former employer's systems, stating that he had access to every single machine, but never exploited it, because it's just not me. Adding to the controversy, Booz Allen Hamilton dismissed a subcontractor who authored a draft report warning that DOGE's access posed an unprecedented insider threat risk to government secrets.
"The draft report was prepared by a subcontractor to Booz Allen and contained unauthorized personal opinions that are not factual or consistent with our standards," the company stated Friday night, announcing that they would seek to have the report amended or retracted. Oh my God. If you trust a report from Booz Allen after that, I'm just sorry for you. The broader implications of this security breach are particularly concerning for intelligence operations.
The Treasury Department payment systems contain sensitive information about payments to human intelligence sources working for the CIA and the DIA. These assets, operating both domestically and abroad, could face life-threatening risks if their identities were exposed through the payment data. Well, tart that one up, Booz Allen.
A recent On Call column from The Register told a story about the dangers of untested backup systems.
A senior developer and help desk technician, we'll call him Lionel, inherited responsibility for managing backups for a mainframe software development team. What he uncovered was a ticking time bomb. His predecessor, we'll call him Richard, had been diligently performing daily backups onto 8mm tapes, but he had never once verified them. Richard, when challenged, said his job was to ensure backups were taken, not to check whether they were usable.
And he had checked that they had, indeed, completed successfully. So Lionel attempted a test restore, and he found the tapes unreadable. Years of backup had been rendered useless due to a lack of maintenance. And sadly, this story rings so true. When Lionel did manage to get a replacement for the now useless backup recording device, and at least to recover some of the backup archive, he was not rewarded. He was questioned for the additional expense.
Now, if this seems like fiction, you've never been in a data center watching a restore when the tape whips by in less than a minute because it's blank. Or you've never gotten caught where a supposed fail-proof backup was missing a critical component which made the backup unrestorable. For years after that, this person, let's call him Jim, insisted on surprise inspections, where at any time the staff could be asked to restore any of our systems to a functional state.
And I am sure that they got very tired of hearing my line, oh, sorry, Jim's line, that backups were useless. All that counts are restores. So this is what you're doing. I salute you. I hope you didn't have to learn the hard way, but if you think this is overkill, I can only say, I hope you never have to learn the hard way, but I won't feel sorry for you. When you order a backup, it should come with recovery included. It shouldn't be an extra.
And that's our show. You can reach me with comments, questions, or stories of your experience at editorial at technewsday.ca or on LinkedIn, or if you're watching this on YouTube, just leave a comment under the video. I'm your host, Jim Love. Thanks for listening.