FinCEN Ransomware Data: 2024 Trends & Payments
- Reported ransomware incidents and payments declined significantly in 2024 after successful disruptions of major ransomware groups by U.S.and international law enforcement.
- Ransomware payments experienced a notable downturn in 2024, following a peak in 2023.
- In 2023, there were 1,512 reported ransomware incidents, resulting in a total of $1.1 billion in payments.
“`html
Ransomware Payments Plummet Following Law Enforcement disruptions
Table of Contents
Reported ransomware incidents and payments declined significantly in 2024 after successful disruptions of major ransomware groups by U.S.and international law enforcement.
Published: November 21, 2024
Decline in Ransomware Activity
Ransomware payments experienced a notable downturn in 2024, following a peak in 2023. The Financial Crimes Enforcement Network (FinCEN) announced this trend on November 21, 2024, in a press release detailing findings from its “Financial Trend Analysis: Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024”.
In 2023, there were 1,512 reported ransomware incidents, resulting in a total of $1.1 billion in payments. However, in 2024, these figures decreased to 1,476 incidents and $734 million in payments, respectively, according to the FinCEN report.
Key Disruptions Driving the Decline
The decrease in ransomware activity is directly linked to the disruption of two prominent ransomware groups: ALPHV/Blackcat and LockBit. The U.S. Department of Justice disrupted the ALPHV/Blackcat group in December 2023, while a joint operation by U.S. and U.K. authorities took down LockBit in February 2024. These operations involved seizing infrastructure, arresting key individuals, and disrupting the groups’ ability to operate.
ALPHV/Blackcat, known for its ransomware-as-a-service (RaaS) model, had been a significant threat actor, targeting organizations across various sectors. LockBit, another prolific RaaS operator, was responsible for numerous high-profile attacks globally. The takedowns of these groups represent a significant blow to the ransomware ecosystem.
The Role of Financial Institutions
FinCEN’s report underscores the critical role that banks and other financial institutions play in combating ransomware. These institutions are often the first to detect suspicious transactions related to ransomware payments and are required to report such activity to authorities under the Bank Secrecy Act.
According to FinCEN, financial institutions filed 4,584 Suspicious Activity reports (SARs) related to ransomware in 2023, and 3,781 in 2024 thru September 30th. These SARs provide valuable intelligence to law enforcement agencies investigating ransomware attacks.