top of page

This site was designed with the

website builder. Create your website today.Start Now

Explain IT Again

Search

FinCEN data reveals surge in ransomware payments, with over $4.5B since 2013

Dec 9, 2025
1 min read

Key Findings

Ransomware payments reported to FinCEN exceeded $4.5 billion by 2024
2023 marked a record year with $1.1 billion in ransomware payments across 1,512 incidents
From 2022 to 2024, organizations reported 4,194 ransomware incidents and over $2.1 billion in payments
In comparison, from 2013 to 2021, FinCEN logged 3,075 reports totaling about $2.4 billion

Background

FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025. This data provides insights into the evolving ransomware landscape.

Ransomware Trends

Ransomware peaked in 2023 with 1,512 incidents and $1.1 billion paid, up 77% from 2022
In 2024, incidents dipped to 1,476 and payments dropped to about $734 million
Median ransomware payments shifted from $124,097 in 2022 to $175,000 in 2023, and $155,257 in 2024
Most payments were under $250,000

Targeted Sectors

Financial services, manufacturing, and healthcare faced the most incidents and highest total losses

Prominent Ransomware Variants

FinCEN identified 267 ransomware variants, with ALPHV/BlackCat, Akira, LockBit, Phobos, and Black Basta leading
Akira had the highest number of incidents (376), while ALPHV/BlackCat had the highest total dollar value of transactions (approximately $395.3 million)

Payment and Laundering Methods

97% of payments were made in Bitcoin
Threat actors laundered funds mainly through unhosted crypto wallets and CVC exchanges
TOR was the top communication channel (67%), followed by email (28%)

Conclusion

Ransomware remains a significant cybersecurity challenge, requiring a comprehensive approach to prevention, protection, and preparedness
CISA's StopRansomware.gov provides a centralized resource for government guidance on reducing ransomware risk

Sources

https://securityaffairs.com/185465/cyber-crime/fincen-data-shows-4-5b-in-ransomware-payments-record-spike-in-2023.html
https://x.com/evanderburg/status/1998191507342578063
https://www.darkreading.com/cyberattacks-data-breaches/us-treasury-45b-ransom-payments-2013

Recent Posts

Hidden Passenger: Taboola's Routing of Authenticated Banking Sessions to Temu Exposed

Key Findings A European bank's approved Taboola pixel silently redirected authenticated users to a Temu tracking endpoint without bank knowledge or user consent The redirect chain exploited "first-hop

PowMix Botnet Targets Czech Workforce with Randomized Command-and-Control Traffic

Key Findings PowMix botnet has been actively targeting Czech workforce since at least December 2025 with previously undocumented malware Campaign uses randomized C2 beaconing intervals and encrypted h

Cisco Patches Critical Vulnerabilities in Identity Services Engine and Webex Platforms

Key Findings Cisco patched four critical vulnerabilities in Identity Services Engine and Webex with CVSS scores ranging from 9.8 to 9.9 CVE-2026-20184 allows unauthenticated attackers to impersonate a

Comments

bottom of page