More than $2 billion in payments from 4,000 ransomware incidents reported to Treasury in recent years
Summary
Companies paid more than $2.1 billion to ransomware gangs from January 2022 to December 2024, according to a FinCEN study covering 4,194 incidents reported under the Bank Secrecy Act. The three-year total nearly matches the total for the prior nine-year period. 2023 was the peak year with roughly $1.1bn in payments and the highest median ransom of $174,000; 2024 saw a fall in incidents and payments after law enforcement takedowns of major groups.
Key Points
- 4,194 ransomware incidents reported to FinCEN between 2022 and 2024, with cumulative payments of about $2.1bn.
- 2023 was the high-water mark: ~1,512 incidents and ~$1.1bn in payments, a 77% increase from 2022.
- Top gangs tracked include ALPHV/BlackCat, Akira, LockBit, Black Basta and Phobos; ALPHV earned nearly $400m.
- The 10 variants with the largest cumulative payments account for $1.5bn of the total; Hive had the highest median incident value (~$411k).
- About 97% of ransom payments were made in Bitcoin, with many gangs using unregulated crypto exchanges to launder funds.
- Most-targeted sectors: financial services, manufacturing and healthcare.
- Law enforcement actions against ALPHV and LockBit correlated with decreases in incidents and payments in 2024.
Context and relevance
This FinCEN report gives officials, security teams and insurers hard metrics on the evolving ransomware ecosystem: who earns the most, which variants drive the largest payouts, and how crypto is used to move money. The data underline why defenders and policymakers are focused on disrupting crypto laundering, initial access vendors and high-profile gangs.
Why should I read this?
Short and blunt: if you look after risk, data or budgets, these numbers matter. They show who’s making the money, which sectors get hit hardest and how payouts trend year-to-year — great for quick briefings or deciding whether to dive into the full FinCEN report for operational detail.
Author style
Punchy — the article is driven by clear figures and named actors. If this is your space, read the detail; if not, this summary gives the essentials fast.
Source
Source: https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report
