The Financial Crimes Enforcement Network (FinCEN) issued a Financial Trend Analysis on ransomware incidents reflected in Bank Secrecy Act (BSA) filings for 2022–2024, identifying more than USD 2.1 billion in reported ransomware payments and shifting its analytical focus from filing date to the incident date of each attack. BSA data covered 7,395 reports linked to 4,194 ransomware incidents from January 2022 to December 2024. Reported activity peaked in 2023 with 1,512 incidents and USD 1.1 billion in payments, a 77% year-over-year increase in total payments from 2022; 2024 showed 1,476 incidents and USD 734 million in reported payments following law enforcement disruption of two high-profile ransomware groups. Median single-transaction amounts were USD 124,097 (2022), USD 175,000 (2023), and USD 155,257 (2024), with the most common payment range below USD 250,000. Manufacturing (456 incidents; about USD 284.6 million), financial services (432; about USD 365.6 million), and healthcare (389; about USD 305.4 million) were the most impacted industries; TOR accounted for 67% of reports specifying a communication method. FinCEN identified more than 200 reported ransomware variants, with Akira, ALPHV/BlackCat, LockBit, Phobos, and Black Basta among the most reported; the 10 variants with the highest cumulative payment amounts accounted for about USD 1.5 billion.
Financial Crimes Enforcement Network 2025-12-04
Financial Crimes Enforcement Network publishes ransomware trend analysis showing more than USD 2.1 billion in reported payments across 2022–2024
FinCEN released a Financial Trend Analysis on ransomware incidents from 2022 to 2024, revealing over USD 2.1 billion in reported payments. Based on Bank Secrecy Act filings, it noted a peak in 2023 with USD 1.1 billion in payments and identified manufacturing, financial services, and healthcare as the most affected sectors. FinCEN highlighted over 200 ransomware variants, with the top 10 accounting for approximately USD 1.5 billion in payments.