




























Ransomware victims paid an estimated $813 million in 2024. Nearly 40 percent of that may have gone to actors in Russia, China and North Korea, according to new analysis from cybersecurity firm Heimdal.
Heimdal used recent telemetry, infrastructure tracing and ownership mapping to assess how ransomware revenue is likely distributed.
The $813 million figure comes from Chainalysis and remains the most current full-year total available.
These findings offer new visibility into where ransomware profits go and raise questions about what governments, infrastructure providers and regulators can do to disrupt their flow.
Heimdal’s analysis, based on internal telemetry, attack-source tracing and ownership mapping, shows how ransomware revenue moves through opaque networks and front entities.
If the 2024 $813 million ransomware payments were distributed proportionally, about $211 million would likely go to entities in Russia.
Russia, China and North Korea together could account for roughly 38 percent of total payouts.
Shell companies are often used to obscure operations.
One example is a German-addressed firm called Razi Network, which appears in European IP registry data but not in German business records, a sign of regulatory blind spots.
Similarly, North Korea’s APT38 group has been linked to operations from Panama-based IP ranges, showing how attackers exploit jurisdictions with weak oversight.
These entities often operate through a combination of national and transnational front companies.
Shell corporations and flexible address registries are frequently used to avoid attribution and delay enforcement efforts.
These findings highlight a core issue.
Ransomware thrives on cheap, accessible infrastructure and the ability to hide within global compliance loopholes.
The ransomware economy persists because several systemic gaps remain unresolved:
Reducing ransomware’s profitability means making attacks harder, riskier and more expensive to conduct.
Key actions include:
Inside organizations, defensive strategies such as network segmentation, least-privilege access and immutable backups can reduce attackers’ returns by limiting damage and denying ransom leverage.
When attacking is cheap and defending is costly, criminals have the advantage.
To change the calculus, governments, industry and enterprises must target the economic foundations of ransomware: ease of set-up, monetization and concealment.
Ransomware is not just a malware problem. It is a business-model problem. Addressing it requires raising operational costs until the payoff no longer outweighs the risk.
Morten Kjaersgaard is the Founder and Chairman of Heimdal®, a global leader in AI-powered cybersecurity. Under his leadership, Heimdal has grown from a startup in Copenhagen to a trusted security partner for over 16,000 organizations and more than 2,000 MSPs worldwide, defending against 260+ million cyber threats annually. With a sharp focus on unifying cybersecurity operations, Morten is recognized for his ability to align technical innovation with strategic business outcomes. His insights have shaped how organizations and partners alike approach risk reduction, compliance, and security maturity in an increasingly complex digital world. A respected voice in the industry, Morten frequently shares his expertise at international events and through media commentary—championing a more proactive, collaborative, and scalable model for cybersecurity success.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。