Health-ISAC Hacking Healthcare 2-11-2025
This week, Health-ISAC®‘s Hacking Healthcare® checks in on the state of ransomware. In particular, we examine encouraging reports that suggest a significant drop off in ransomware payment resolution and total payment made to ransomware actors in the second half of 2024. In the action and analysis section, we examine how these findings may influence the discussion around ransom payment bans, increasing law enforcement collaboration, and a potential policy shift on offensive cyber operations.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
PDF Version: Hacking Healthcare 2.11.25
Size : 164.1 kB Format : PDF
Text Version:
Welcome back to Hacking Healthcare®.
The State of Ransomware and the Potential of “Offensive Cyber Operations”
From time to time, Hacking Healthcare likes to assess the ever-evolving state of ransomware, and an interesting new report from Chainalysis provides a good reason to do so. In addition to breaking down the highlights and trends found in the report, the Action & Analysis section takes an expanded look at how “offensive cyber operations” might augment the law enforcement portion of the report.
Chainalysis Report
-
- “The total volume of ransom payments decreased year-over-year (YoY) by approximately 35%”—down to $813.55M from $1.25B last year.
-
- The payment decrease was allegedly “driven by increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay.”
-
- Much of the decline comes as a result of significantly less payment activity in the last six months of the year.
-
- The disruption and collapse of major cybercriminal groups like LockBit and BlackCat/ALPHV, as well as the lack of a major player to fill the void that was created, have been major contributing factors.
-
- Blockchain and data leak site analysis suggested that more victims may be refusing to pay ransoms.
-
- “Thanks to improved cyber hygiene and overall resiliency, victims are increasingly able to resist demands and explore multiple options to recover from an attack.”
The report’s findings are roughly aligned with other reports on the ransomware landscape. Ransomware remediation firm Coveware’s most recent quarterly report[iii] also credited the success of law enforcement actions as a critical driver of lowered total ransomware costs. Coveware also elaborates on ransomware payment resolution rates, finding a “drop in the percentage of companies paying ransoms to an all-time low of 25%.”[iv]
Action & Analysis
**Included with Health-ISAC Membership**
[i] https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/
[ii] https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/
[iii] https://www.coveware.com/blog/2025/1/31/q4-report
[v] https://health-isac.org/health-isac-hacking-healthcare-1-17-2025/
[vi] https://www.coveware.com/blog/2025/1/31/q4-report
[vii] https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/
- Related Resources & News
- 4 healthcare tech trends to watch in 2025
- Top healthcare technology trends in 2025
- A Ransomware Attack Has Struck the New York Blood Center Amid Ongoing Shortages
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs