U.S. companies made more than $2 billion in ransomware payments between 2022 and 2024, nearly equaling the total ransoms paid in the previous nine years, according to a new report from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN).
The report, which looked at threat pattern and trend information identified in Bank Secrecy Act (BSA) filings, said that between Jan. 1, 2022 and Dec. 31, 2024, FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents and totaling more than $2.1 billion in ransomware payments.
In the previous nine years, from 2013 to 2021, FinCEN received 3,075 BSA reports totaling approximately $2.4 billion in ransomware payments, the report said.
FinCEN notes that because its data is based on BSA filings, it is by nature incomplete, and indeed, the 4,194 ransomware incidents recorded by FinCEN between 2022 and 2024 is less than 40% of the nearly 11,000 ransomware attacks recorded in Cyble’s threat intelligence data over the same period.
ALPHV/BlackCat and LockBit Enforcement Actions Lowered Ransomware Payments
Ransomware incidents and payments reported to FinCEN reached an all-time high in 2023 of 1,512 incidents totaling approximately $1.1 billion in payments, an increase of 77 percent in payments from 2022. In 2024, incidents decreased slightly to 1,476 while total payments dropped to approximately $734 million.
FinCEN attributed the decline in ransomware payments in 2024 to law enforcement disruption of the ALPHV/BlackC
Source: https://thecyberexpress.com/ransomware-payments-fell-after-law-enforcement/
U.S. Department of Transportation cybersecurity rating report: https://www.rankiteo.com/company/usdot
"id": "USD1765223885",
"linkid": "usdot",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': None,
'location': 'United States',
'name': 'U.S. companies (general)',
'size': None,
'type': 'Multiple'}],
'data_breach': {'data_encryption': 'Yes (ransomware-related)',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'U.S. companies made more than $2 billion in '
'ransomware payments between 2022 and 2024, '
'nearly equaling the total ransoms paid in the '
'previous nine years, according to a report from '
'the U.S. Treasury’s Financial Crimes Enforcement '
'Network (FinCEN). The report analyzed Bank '
'Secrecy Act (BSA) filings and identified 4,194 '
'ransomware incidents with total payments '
'exceeding $2.1 billion.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': '$2.1 billion (2022-2024)',
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (report published)',
'lessons_learned': 'Law enforcement disruption of major '
'ransomware groups (e.g., ALPHV/BlackCat, '
'LockBit) can significantly reduce ransomware '
'payments.',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Enhanced law '
'enforcement '
'actions '
'against '
'ransomware '
'groups, '
'improved BSA '
'reporting, and '
'potential '
'regulatory '
'reforms.',
'root_causes': 'Proliferation of '
'ransomware-as-a-service '
'(RaaS) models, lack '
'of robust '
'cybersecurity '
'measures in some '
'organizations, and '
'financial incentives '
'for threat actors.'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': '$2.1 billion (2022-2024)',
'ransomware_strain': ['ALPHV/BlackCat',
'LockBit']},
'references': [{'date_accessed': None,
'source': 'U.S. Treasury’s Financial Crimes '
'Enforcement Network (FinCEN)',
'url': None},
{'date_accessed': None,
'source': 'Cyble’s threat intelligence data',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': 'Bank Secrecy '
'Act (BSA) '
'reporting '
'requirements',
'regulatory_notifications': 'Yes '
'(FinCEN '
'report)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes (FinCEN and other '
'agencies)',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': ['ALPHV/BlackCat', 'LockBit'],
'title': 'U.S. Companies Ransomware Payments (2022-2024)',
'type': 'Ransomware'}}