Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI
(2025/04/24)
- Reference: 1745455907
- News link: https://www.theregister.co.uk/2025/04/24/ransomware_scum_and_other_crims/
- Source link:
Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.
Also in 2024: Ransomware again posed the biggest threat to critical infrastructure organizations, with the number of complaints to the IC3 increasing nine percent compared to the year prior.
"These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed," wrote B. Chad Yarbrough, the FBI's operations director for criminal and cyber, in the 2024 IC3 report
[2]
Yarbrough cited the "serious blow" the Feds [3]dealt to LockBit , and the "thousands" of [4]decryption keys that the federal cops have made available to ransomware victims since 2022.
[5]
[6]
And yet the scourge continues.
America's cyber defenses are being dismantled from the inside [7]READ MORE
The FBI and IC3 track extortion and ransomware as two separate categories, and in 2024 extortion was the second-most frequently reported cybercrime overall with 86,415 complaints. For comparison, the top crime type last year, phishing and spoofing, generated 193,407 complaints. Ransomware was further down the list with 3,156 reports. But that's up from 2,825 incidents in 2023, and 2,385 in 2022.
The report found Americans lost $143.2 million to extortion scams and $12.5 million after ransomware infections. The FBI noted that the ransomware losses may be under-reported, and do not include the financial impact of lost business, time, wages, files, equipment, or third-party incident response and remediation services brought in to clean up the mess.
"In some cases, entities do not report any loss amount to FBI, thereby creating an artificially low overall ransomware loss rate," the report adds. "Lastly, the number only represents what entities report to FBI via IC3 and does not account for the entity directly reporting to FBI field offices/agents."
Top 5 targeting critical orgs
America's critical infrastructure operators reported almost 4,900 cybersecurity threats last year, with ransomware (1,403 complaints) topping the list. The five most reported ransomware variants: Akira, LockBit, RansomHub, Fog, and PLAY.
LockBit's top spot on the FBI list echoes the findings of Cisco Talos' most recent year in review report, which also credited LockBit as the most active ransomware-as-a-service (RaaS) group, accounting for 16 percent of the claimed attacks in 2024.
[8]
"For us, that's pretty remarkable, given how dynamic that space is where you're seeing groups you shut down, or rebrand, or new groups emerge, or law enforcement action being taken," Kendall McKay, strategic lead at Talos, told The Register , in an [9]earlier interview . "To see LockBit stay at the top for such a long time really caught our attention this year."
[10]How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise
[11]Ransomware crews add 'EDR killers' to their arsenal – and some aren't even malware
[12]Fog ransomware channels Musk with demands for work recaps or a trillion bucks
[13]Who needs phishing when your login's already in the wild?
The Talos report noted that LockBit's builder software – a tool used to create custom versions of the malware – was leaked in September 2022, and this likely contributed to the ransomware's prevalence.
Two of the other biggest threats in 2024 also trace some of their success to the LockBit takedown.
Security researchers suspect both [14]Akira and [15]RansomHub (believed to be a [16]Knight ransomware rebrand ) both benefited from the [17]LockBit and [18]ALPHV/BlackCat disruption, recurring those crews' top talent into their own affiliate rosters.
In addition to the tried-and-true malware families, IC3 recorded 67 new ransomware variants in 2024, with the most reported being [19]Fog , Lynx, [20]Cicada 3301 , Dragonforce, and Frag.
[21]
There is a slight silver lining in the report's ransomware statistics. While complaints have been on the rise, costs have dropped. In 2024, reported ransomware losses reported to IC3 totaled $12.5 billion, compared to $59.6 billion in 2023 and $34.4 billion in 2022. ®
Get our [22]Tech Resources
[1] https://regmedia.co.uk/2025/04/23/2024_fbi_ic3report.pdf
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2024/05/07/alleged_lockbit_kingpin_charged_sanctioned/
[4] https://www.theregister.com/2023/12/19/blackcat_domain_seizure/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/04/23/trump_us_security/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
[10] https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
[11] https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
[12] https://www.theregister.com/2025/04/22/fog_ransomware_musk/
[13] https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
[14] https://www.theregister.com/2024/10/22/akira_encrypting_again/
[15] https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
[16] https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/
[17] https://www.theregister.com/2024/05/22/lockbit_dethroned_as_leading_ransomware/
[18] https://www.theregister.com/2024/09/04/cicada_ransomware_blackcat_links/
[19] https://www.theregister.com/2025/04/22/fog_ransomware_musk/
[20] https://www.theregister.com/2024/09/04/cicada_ransomware_blackcat_links/
[21] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[22] https://whitepapers.theregister.com/
Also in 2024: Ransomware again posed the biggest threat to critical infrastructure organizations, with the number of complaints to the IC3 increasing nine percent compared to the year prior.
"These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed," wrote B. Chad Yarbrough, the FBI's operations director for criminal and cyber, in the 2024 IC3 report
[1]PDF
out now.[2]
Yarbrough cited the "serious blow" the Feds [3]dealt to LockBit , and the "thousands" of [4]decryption keys that the federal cops have made available to ransomware victims since 2022.
[5]
[6]
And yet the scourge continues.
America's cyber defenses are being dismantled from the inside [7]READ MORE
The FBI and IC3 track extortion and ransomware as two separate categories, and in 2024 extortion was the second-most frequently reported cybercrime overall with 86,415 complaints. For comparison, the top crime type last year, phishing and spoofing, generated 193,407 complaints. Ransomware was further down the list with 3,156 reports. But that's up from 2,825 incidents in 2023, and 2,385 in 2022.
The report found Americans lost $143.2 million to extortion scams and $12.5 million after ransomware infections. The FBI noted that the ransomware losses may be under-reported, and do not include the financial impact of lost business, time, wages, files, equipment, or third-party incident response and remediation services brought in to clean up the mess.
"In some cases, entities do not report any loss amount to FBI, thereby creating an artificially low overall ransomware loss rate," the report adds. "Lastly, the number only represents what entities report to FBI via IC3 and does not account for the entity directly reporting to FBI field offices/agents."
Top 5 targeting critical orgs
America's critical infrastructure operators reported almost 4,900 cybersecurity threats last year, with ransomware (1,403 complaints) topping the list. The five most reported ransomware variants: Akira, LockBit, RansomHub, Fog, and PLAY.
LockBit's top spot on the FBI list echoes the findings of Cisco Talos' most recent year in review report, which also credited LockBit as the most active ransomware-as-a-service (RaaS) group, accounting for 16 percent of the claimed attacks in 2024.
[8]
"For us, that's pretty remarkable, given how dynamic that space is where you're seeing groups you shut down, or rebrand, or new groups emerge, or law enforcement action being taken," Kendall McKay, strategic lead at Talos, told The Register , in an [9]earlier interview . "To see LockBit stay at the top for such a long time really caught our attention this year."
[10]How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise
[11]Ransomware crews add 'EDR killers' to their arsenal – and some aren't even malware
[12]Fog ransomware channels Musk with demands for work recaps or a trillion bucks
[13]Who needs phishing when your login's already in the wild?
The Talos report noted that LockBit's builder software – a tool used to create custom versions of the malware – was leaked in September 2022, and this likely contributed to the ransomware's prevalence.
Two of the other biggest threats in 2024 also trace some of their success to the LockBit takedown.
Security researchers suspect both [14]Akira and [15]RansomHub (believed to be a [16]Knight ransomware rebrand ) both benefited from the [17]LockBit and [18]ALPHV/BlackCat disruption, recurring those crews' top talent into their own affiliate rosters.
In addition to the tried-and-true malware families, IC3 recorded 67 new ransomware variants in 2024, with the most reported being [19]Fog , Lynx, [20]Cicada 3301 , Dragonforce, and Frag.
[21]
There is a slight silver lining in the report's ransomware statistics. While complaints have been on the rise, costs have dropped. In 2024, reported ransomware losses reported to IC3 totaled $12.5 billion, compared to $59.6 billion in 2023 and $34.4 billion in 2022. ®
Get our [22]Tech Resources
[1] https://regmedia.co.uk/2025/04/23/2024_fbi_ic3report.pdf
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2024/05/07/alleged_lockbit_kingpin_charged_sanctioned/
[4] https://www.theregister.com/2023/12/19/blackcat_domain_seizure/
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/04/23/trump_us_security/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
[10] https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
[11] https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/
[12] https://www.theregister.com/2025/04/22/fog_ransomware_musk/
[13] https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
[14] https://www.theregister.com/2024/10/22/akira_encrypting_again/
[15] https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
[16] https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/
[17] https://www.theregister.com/2024/05/22/lockbit_dethroned_as_leading_ransomware/
[18] https://www.theregister.com/2024/09/04/cicada_ransomware_blackcat_links/
[19] https://www.theregister.com/2025/04/22/fog_ransomware_musk/
[20] https://www.theregister.com/2024/09/04/cicada_ransomware_blackcat_links/
[21] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aAm3a1s9Y8CBTdjUR5ggngAAAVE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[22] https://whitepapers.theregister.com/
Good job...
...the US government is doubling down in counteracting this threat by increasing spending and staffing in the cyber security teams.....
....Ahhhh.