Ransomware payments reported to the US Treasury’s Financial Crimes Enforcement Network (FinCEN) surpassed $4.5 billion by the end of 2024, with the highest levels reached in 2023.
FinCEN’s new Financial Trend Analysis report shows that more than $2.1 billion was paid to ransomware groups between 2022 and 2024, with $1.1 billion paid in 2023 alone.
Between 2013 and 2024, FinCEN received 10,470 Bank Secrecy Act (BSA) reports related to ransomware incidents. The majority of the reports, namely 7,395, came in between 2022 and 2023.
Between January 2022 and December 2024, 4,194 ransomware incidents were reported to FinCEN, with the highest number of attacks reported in 2023, at 1,512.
In 2024, 1,476 ransomware incidents were reported, and the ransomware payments totaled approximately $734 million.
“The median amount of a single ransomware transaction was $124,097 in 2022; $175,000 in 2023; and $155,257 in 2024. Between January 2022 and December 2024, the most common payment range was below $250,000,” FinCEN’s report (PDF) reads.
During the three-year period, organizations in the financial services, manufacturing, and healthcare sectors were affected the most by ransomware, followed by retail and legal services.
FinCEN says it identified 267 ransomware variants in the received reports, with Akira, ALPHV/BlackCat, LockBit, Phobos, and Black Basta being the most prevalent families.
Akira had the highest number of reported incidents, at 376, but ALPHV/BlackCat received the highest amount in payments, at roughly $395.3 million.
The report also shows that the Tor network remains the preferred method of communication for threat actors, followed by email, and that most ransomware groups prefer being paid in Bitcoin.
Related: Akira Ransomware Group Made $244 Million in Ransom Proceeds
Related: Inotiv Says Personal Information Stolen in Ransomware Attack
Related: Ransomware Attack Disrupts Local Emergency Alert System Across US
Related: Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack
