A new analysis from the U.S. Financial Crimes Enforcement Network reveals the dramatic expansion of ransomware over the past decade. By combining past reports with the most recent data, total known ransomware payments from 2013 through the end of 2024 now exceed $4.5 billion. This number reflects both earlier patterns and the intense surge in attacks recorded between 2022 and 2024.

According to FinCEN, financial institutions filed 7,395 reports between January 2022 and February 2025. These reports were linked to 4,194 ransomware incidents and documented more than $2.1 billion in payments during the three-year review period.

The year 2023 was the most financially damaging ever recorded, with 1,512 attacks resulting in approximately $1.1 billion in ransom payments. That was a major jump from 2022, showing how quickly attackers increased their operations. Although 2024 saw a small drop in activity, victims still paid roughly $734 million that year across 1,476 incidents.

When these recent amounts are added to the $2.4 billion reported from 2013 to 2021, the total known global ransomware losses pass $4.5 billion. The rapid rise in payments over the last three years shows how much more aggressive and coordinated ransomware groups have become.

FinCEN noted that several sectors continue to be hit hardest. Financial services, manufacturing, and healthcare faced some of the largest disruptions and financial losses, largely because criminals target organizations that depend on constant access to critical systems. Attackers also continued to rely on familiar tools and channels. Nearly all ransom payments were made in Bitcoin, with Monero used in some cases for added privacy. Many attackers used dark-web services on the Tor network to contact victims, issue demands, negotiate payments, and provide decryption instructions.


Even large law enforcement operations that disrupted groups like ALPHV (also known as BlackCat) and LockBit did not stop ransomware activity from spreading. New groups formed, older ones reorganized, and attacks continued throughout 2024.

FinCEN is urging businesses to improve their cybersecurity practices, pay close attention to suspicious activity, and report incidents immediately. The agency emphasized that stronger cooperation between companies, financial institutions, cybersecurity teams, and law enforcement is essential to slowing the growing wave of ransomware attacks worldwide.

