Arielle Waldman, Features Writer

April 19, 2025

Ransomware has become synonymous with cryptocurrency, but factors such as poor cyber hygiene and organizations' willingness to pay ransoms are what fuel the threat.

The number of recorded attacks and victims continues to climb following record-setting years for ransomware activity throughout 2023 and 2024. And the first few months of 2025 are on track to continue the upward trajectory. The pervasive threat has evolved significantly since the first recorded ransomware attack in 1989. Back then, attackers demanded ransom payments via traceable methods, such as standard mail and sending gift cards via SMS text messages. Nowadays, cryptocurrency — specifically Bitcoin — allows ransomware groups to request and receive ransoms in a far more anonymous and easier way.

While experts agree that cryptocurrency has helped fuel the ransomware threat to the alarming levels seen today and enables widespread activity, they say ransomware groups would survive just fine without the virtual currency.

Sanctions and Payment Bans

Ransomware activity skyrocketed over the past five years. In response, the infosec industry and government agencies focused on disrupting attackers' payment flow. The US government imposed sanctions against virtual currency exchanges and urged organizations to stop paying ransoms. However, many organizations examined their options and decided that paying was in their best interests.

Related:Industry Asks for Clarity on Proposed HIPAA Cybersecurity Rules

At the state level, North Carolina and Florida banned or placed restrictions on ransom payments. However, ransomware attacks in those states have not declined, notes Rebecca Moody, head of data research at Comparitech.

"They're always adapting, so they're still targeting those states," Mooday says. "I think it's clear that [not having access to cryptocurrency] wouldn't perturb them. They'd find a way around it."

And if the gangs don't collect their ransoms, they can still sell the organization's data that they had harvested.

Cyber Hygiene 'Needs to Grow Up'

Organizations' poor security protocols are a primary driver of ransomware. Despite ongoing alerts and issued guidance, security continues to fall short. For example, ransomware groups take advantage of enterprises that do not maintain adequate backup and recovery plans, which can lead to prolonged disruptions.

"Cryptocurrency is just a payment mechanism. I think the cyber hygiene of many companies has to grow up," says Christiaan Beek, senior director of threat analytics at Rapid7. "I think it's frustrating, from my perspective, being so long in the industry, you still have to share the same message, 'Use multifactor authentication. Use a strong password on your edge devices.' Now we have more people using AI. We're going to use these new technologies on top of a really weak foundation."

Related:New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

Rapid7 tracked 80 active ransomware groups in the past quarter alone. There were clear top ransomware gangs in the past, but opportunistic ones continue to emerge. The bar to entry has also decreased with ransomware-as-a-service schemes and other attack tools available for criminals. Operators can hire lower-skilled affiliates as business booms.

Where there is money to be made, attackers will find a way to keep collecting it.

"These threat actors, especially now that this [ransomware] is such a big business, they would probably think of new ways besides cryptocurrency," says Mantas Sasnauskas, head of security research at Comparitech.

Death of Cryptocurrency Could Have Short-Term Effect

While ransomware gangs have proved to be adaptable to changing conditions and defenses, if the cryptocurrency market ever dissipated, it would have an effect — at least for a period of time.

"I would probably say at least half, if not more, of ransomware groups would falter," says Johnathon Miller, vice president of security operations at Lumifi. "A lot of those groups will be eliminated, or they're going to emerge and become smaller groups, until they have the ability to combat and find a different path forward."

Related:'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

Ways to combat ransomware — such as not paying ransoms and improving cyber hygiene — fall on the victim organizations to enforce. However, implementing cryptocurrency regulations could help curb threat actors' ability to scale operations that have grown out of control. More importantly, it could aid in tracking ransomware gangs and help expose the ringleaders.

"If we're able to get our hands in [the cryptocurrency market] and get a little more regulated in that sense, it would force them to go back to kind of that native way," Miller says. "They will find a way, but it definitely will impact operations."

About the Author

Arielle Waldman

Features Writer , Dark Reading

Arielle Waldman is a Boston-based features writer for Dark Reading covering all things cybersecurity.