Companies made more than $2.1 billion in payments to ransomware gangs from January 2022 to December 2024, a U.S. government report revealed.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) released a study last week covering 4,194 ransomware incidents that were reported through the Bank Secrecy Act over the three-year period.
The department noted that the figures from the three-year stretch nearly outpaced all of the reports and ransomware payments from the previous nine-year period of 2013 to 2021, when it received 3,075 reports and saw approximately $2.4 billion in ransomware payments.
The report found that ransomware payments reached an all-time high in 2023, with about $1.1 billion making its way into the hands of hackers, a 77% increase compared to 2022.
Of the 267 ransomware gangs tracked by the department, the ALPHV/BlackCat group was the most prevalent alongside Akira, LockBit, Black Basta and Phobos.
The report noted that following the law enforcement takedowns of ALPHV and LockBit, there were noticeable decreases in ransomware incidents in 2024. After 1,512 incidents in 2023, 1,476 were reported in 2024, leading to about $734 million in payments.
Throughout the report, 2023 stood out as a particularly damaging year for companies. The median ransomware payment peaked in 2023 at $174,000 — significantly more than the $124,097 in 2022 and $155,257 in 2024.
Ransomware gangs targeted financial services firms, manufacturing
Source: https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
PROFICIO cybersecurity rating report: https://www.rankiteo.com/company/proficio-inc-
"id": "PRO1765231217",
"linkid": "proficio-inc-",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': None,
'industry': 'Financial Services',
'location': None,
'name': None,
'size': None,
'type': 'Financial services firms'},
{'customers_affected': None,
'industry': 'Manufacturing',
'location': None,
'name': None,
'size': None,
'type': 'Manufacturing companies'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'date_publicly_disclosed': '2024-06-07',
'description': 'Companies made more than $2.1 billion in '
'payments to ransomware gangs from January 2022 '
'to December 2024, as revealed in a U.S. '
'government report by the Treasury Department’s '
'Financial Crimes Enforcement Network (FinCEN). '
'The report covers 4,194 ransomware incidents '
'reported through the Bank Secrecy Act over the '
'three-year period, nearly outpacing all reports '
'and payments from 2013 to 2021.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': '$2,100,000,000 (2022-2024)',
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': '$2,100,000,000 (2022-2024)',
'ransomware_strain': ['ALPHV/BlackCat',
'Akira',
'LockBit',
'Black Basta',
'Phobos']},
'references': [{'date_accessed': '2024-06-07',
'source': 'U.S. Treasury Department’s Financial '
'Crimes Enforcement Network (FinCEN)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': 'Bank Secrecy '
'Act',
'regulatory_notifications': 'Yes'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': ['ALPHV/BlackCat',
'Akira',
'LockBit',
'Black Basta',
'Phobos'],
'title': 'U.S. Government Report on Ransomware Payments '
'(2022-2024)',
'type': 'Ransomware'}