A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs.
From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports show that organizations paid more than $2.1 billion in ransom payments, nearly reaching the total reported over 8 years from 2013 to 2021.
In total, from 2013 through 2024, FinCEN tracked approximately $4.5 billion in payments to ransomware gangs.
Law enforcement operations show impact
According to the report, 2023 was the best year for ransomware gangs, with victims reporting 1,512 individual incidents and approximately $1.1 billion in ransom payments, a 77 percent increase from 2022.
However, both stats fell in 2024, with a slight dip to 1,476 incidents, but a dramatic decrease to $734 million in payments. This decrease is believed to be due to law enforcement operations targeting BlackCat in 2023 and LockBit at the beginning of 2024.
Both of these ransomware gangs were the most active at the time of disruption, with the threat actors moving to new operations or struggling to relaunch.
FinCEN says the amount paid varied, with most ransom payments below $250,000. The analysis also showed that manufacturing, financial services, and healthcare suffered the most ransomware attacks, with fina
UN Multi-Partner Trust Fund Office cybersecurity rating report: https://www.rankiteo.com/company/un-multi-partner-trust-fund-office
"id": "UN-1765231768",
"linkid": "un-multi-partner-trust-fund-office",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': None,
'industry': ['Manufacturing',
'Financial Services',
'Healthcare'],
'location': None,
'name': None,
'size': None,
'type': 'Organization'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'A report by FinCEN documents 4,194 ransomware '
'incidents between January 2022 and December '
'2024, with over $2.1 billion in ransom payments. '
'The peak occurred in 2023 with $1.1 billion in '
'payments, followed by a decline in 2024 due to '
'law enforcement actions targeting ALPHV/BlackCat '
'and LockBit ransomware gangs.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': '$4.5 billion (2013-2024)',
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'lessons_learned': 'Law enforcement actions targeting ransomware '
'gangs can significantly reduce ransomware '
'activity and payments.',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Law '
'enforcement '
'disruptions, '
'enhanced '
'monitoring, '
'and improved '
'incident '
'response '
'strategies.',
'root_causes': 'Proliferation of '
'ransomware-as-a-service '
'(RaaS) models, '
'exploitation of '
'vulnerabilities, and '
'lack of robust '
'cybersecurity '
'defenses.'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': '$2.1 billion (2022-2024)',
'ransomware_strain': ['ALPHV/BlackCat',
'LockBit']},
'recommendations': 'Organizations should enhance cybersecurity '
'measures, report incidents to authorities, '
'and avoid paying ransoms to disrupt the '
'ransomware economy.',
'references': [{'date_accessed': None,
'source': 'Financial Crimes Enforcement Network '
'(FinCEN)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': ['ALPHV/BlackCat', 'LockBit'],
'title': 'Global Ransomware Surge and Decline (2022-2024)',
'type': 'Ransomware'}