FinCEN Warns Ransomware Payouts Have Surged Past $2.1 Billion in Just Three Years
Key Takeaways
- Record Payments in 2023: Reported ransomware payments hit $1.1 billion, which is the highest annual total to date.
- Three-Year Exposure: More than $2.1 billion in ransomware payments were reported from 2022 through 2024.
- Targeted Sectors: Financial services, manufacturing, and healthcare faced the highest number of incidents and payment losses.
- Attacker Communication Methods: TOR-based messaging accounted for 67% of reported communication channels with victims.
- Dominant Variants: Ten leading ransomware groups drove approximately $1.5 billion in payments over the period.
Deep Dive
Ransomware has never been more costly. That’s the message from a new Financial Trend Analysis released Wednesday by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), which found that attackers drained more than $2.1 billion from victims between 2022 and 2024. The report examines ransomware activity by the date of each incident, offering the clearest look yet at how aggressively cybercriminals have scaled their extortion campaigns.
The risk isn’t abstract. According to FinCEN Director Andrea Gacki, financial institutions are on the front lines.
“By quickly reporting suspicious activity under the Bank Secrecy Act, they provide law enforcement with critical information to help detect cybersecurity trends that can damage our economy.” That visibility, she said, is key to protecting national security.
And the trends are sobering. 2023 marked the highest year on record, with 1,512 reported incidents, totaling $1.1 billion in payments. That reflects a 77% jump from 2022. The pace eased somewhat after law enforcement cracked down on two major ransomware groups, driving payments down to $734 million across 1,476 incidents in 2024. But even with the decline, the three-year total dwarfs what was seen in the nine years prior.
A Threat Spread Across the Economy
The analysis shows the financial and industrial backbone of the economy squarely in attackers’ sights.
- Manufacturing suffered 456 incidents, costing about $284.6 million.
- Financial services firms faced 432 incidents, totaling $365.6 million in reported payments.
- Healthcare organizations endured 389 incidents, adding up to $305.4 million.
What those sectors have in common is operational urgency and data that keeps businesses, and people, alive and functioning, which also happens to be what ransomware groups value most.
Extortion at Scale
Median ransom payments climbed to $175,000 at their peak in 2023, up from $124,097 the previous year. Even as the median dipped slightly in 2024 (to $155,257), most payments remained under $250,000, a reminder that criminals know how to price pain for quick results.
Communication methods also reflect a continued push for anonymity. Two-thirds of incidents with reported details involved attackers reaching victims through TOR-based messaging portals. The rest used email or other encrypted channels.
FinCEN identified more than 200 ransomware variants tied to these incidents, but a small group continues to dominate. Notably, ALPHV/BlackCat, LockBit, Phobos, Black Basta, and Akira were among the most reported. In total, the 10 most lucrative variants were responsible for approximately $1.5 billion in payments, nearly three-quarters of the entire period’s losses.

