top of page

This site was designed with the

website builder. Create your website today.Start Now

Explain IT Again

Search

FinCEN data reveals surge in ransomware payments, with over $4.5B since 2013

Dec 9, 2025
1 min read

Key Findings

Ransomware payments reported to FinCEN exceeded $4.5 billion by 2024
2023 marked a record year with $1.1 billion in ransomware payments across 1,512 incidents
From 2022 to 2024, organizations reported 4,194 ransomware incidents and over $2.1 billion in payments
In comparison, from 2013 to 2021, FinCEN logged 3,075 reports totaling about $2.4 billion

Background

FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025. This data provides insights into the evolving ransomware landscape.

Ransomware Trends

Ransomware peaked in 2023 with 1,512 incidents and $1.1 billion paid, up 77% from 2022
In 2024, incidents dipped to 1,476 and payments dropped to about $734 million
Median ransomware payments shifted from $124,097 in 2022 to $175,000 in 2023, and $155,257 in 2024
Most payments were under $250,000

Targeted Sectors

Financial services, manufacturing, and healthcare faced the most incidents and highest total losses

Prominent Ransomware Variants

FinCEN identified 267 ransomware variants, with ALPHV/BlackCat, Akira, LockBit, Phobos, and Black Basta leading
Akira had the highest number of incidents (376), while ALPHV/BlackCat had the highest total dollar value of transactions (approximately $395.3 million)

Payment and Laundering Methods

97% of payments were made in Bitcoin
Threat actors laundered funds mainly through unhosted crypto wallets and CVC exchanges
TOR was the top communication channel (67%), followed by email (28%)

Conclusion

Ransomware remains a significant cybersecurity challenge, requiring a comprehensive approach to prevention, protection, and preparedness
CISA's StopRansomware.gov provides a centralized resource for government guidance on reducing ransomware risk

Sources

https://securityaffairs.com/185465/cyber-crime/fincen-data-shows-4-5b-in-ransomware-payments-record-spike-in-2023.html
https://x.com/evanderburg/status/1998191507342578063
https://www.darkreading.com/cyberattacks-data-breaches/us-treasury-45b-ransom-payments-2013

Recent Posts

Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

Dell RecoverPoint Flaw Exploited by China-Linked Hackers to Deploy GrimBolt Malware

Key Findings China-linked hacking group UNC6201 has been exploiting a zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines since at least 2024. The vulnerability is a hard

Notepad++ Fixes Vulnerability Used to Hijack Update System

Key Findings Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users The attack involved infrastructure-level compromise that allowed ma

Comments

bottom of page