According to a recent article in The Guardian, ransomware payments have dropped by over a third, totaling $813 million in 2024. This decline is thanks to more victims refusing to pay up and law enforcement cracking down on major ransomware groups like LockBit and BlackCat/ALPHV. It’s a positive trend as less money flowing to cybercriminals means less incentive to keep attacking. But before we declare victory, there’s another statistic that needs attention.
While payments are down, ransomware demands are actually increasing. In other words, more attacks are breaking through, but fewer victims are giving in. This tells us two things:
- Perimeter security alone isn’t stopping ransomware: Attackers are still breaching organisations.
- More businesses are recovering instead of paying: Backup and cyber recovery strategies are working.
This shift marks a critical turning point in how organisations respond to ransomware. It also has big implications for Managed Service Providers (MSPs) offering Cyber Recovery as a Service.
The Rise of Cyber Recovery Over Ransom Payments
A few years ago, many organisations felt they had no choice but to pay the ransom. Their backups weren’t up to scratch, recovery took too long, or their entire environment was compromised. But the drop in payments suggests that businesses are no longer finding themselves in a corner.
Instead, they’re investing in resilient backup environments and modern cyber recovery solutions: secure vaults, air-gapped storage, immutable backups, and continuous recovery testing with platforms such as Predatar. These are the tools that are helping organisations say “no” to ransom demands.
This is exactly where MSPs providing Cyber Recovery as a Service (CRaaS) come in. The shift from paying ransoms to recovering effectively means that businesses:
- Need backup environments that can withstand ransomware: Traditional backup solutions alone aren’t enough. Cybercriminals now target backups first, encrypting or corrupting them before launching the attack. That’s why businesses need a dual-layered approach: continuous recovery and ransomware testing with tools like Predatar, combined with Secure Vaults that provide an isolated, immutable backup copy, ensuring attackers can’t compromise the last line of defence.
- Require recovery strategies that are tested and ready: It’s not enough to have backups; you need to be sure they’ll work when disaster strikes. Continuous testing for malware and recoverability ensures that organisations can get back up and running without scrambling.
- Are looking for experts to manage this complexity: Building an in-house cyber recovery capability is costly and difficult. That’s why businesses are turning to MSPs that specialise in CRaaS, offering fully managed, tested, and scalable recovery solutions.
What’s Next?
The drop in ransomware payments is a sign that businesses are getting smarter. They’re investing in recovery over ransom, a move that not only protects them financially but also undermines the ransomware economy.
For MSPs, this is an opportunity. As demand for proactive cyber recovery services grows, those who can provide a proven, automated, and tested recovery capability will become essential partners. Ransomware isn’t going away, but its power is weakening. And for the providers delivering real cyber resilience? The tide is turning in their favour.