US Treasury Tracks $4.5B in Ransom Payments since 2013
Summary
The US Treasury’s FinCEN report (released 4 Dec 2025) aggregates Bank Secrecy Act reports and shows BSA-covered organisations reported $4.5 billion in ransomware payments from 2013 through 2024. That includes more than $2.1 billion tied to 4,194 incidents reported between 1 Jan 2022 and 31 Dec 2024 (7,395 BSA reports). From 2013 through 2021 there were 3,075 reports totalling about $2.4 billion. The data is not exhaustive, since it only covers incidents that entered the BSA reporting pipeline, but it clearly illustrates how ransomware grew, peaking in 2023 with $1.1 billion in payments (a 77% rise over 2022).
Key Points
- FinCEN recorded $4.5 billion in reported ransomware payments spanning 2013–2024 (BSA-covered organisations).
- Between 2022 and 2024 there were 7,395 BSA reports covering 4,194 incidents and more than $2.1 billion in payments.
- 2023 was the high‑water mark: $1.1 billion in reported payments, a 77% increase versus 2022.
- Industries most affected: financial services, manufacturing and healthcare.
- Alphv/BlackCat was the single most impactful ransomware gang in the 2022–2024 window.
- Cryptocurrencies dominated payments: Bitcoin accounted for roughly $2 billion across 3,489 payments; Monero took in $25.8 million from 55 payments.
- Ransomware ecosystems evolved via RaaS, double‑extortion tactics, initial access brokers and targeting of poorly secured perimeter devices.
- Signals of improvement: Coveware reported sharp drops in average/median payments and a fall in payment success rate (historical low of ~23%), suggesting defensive measures and law enforcement pressure are having an effect.
- Defensive essentials remain the same: timely patching, cold backups, phishing‑resistant authentication and tested incident response plans.
Why should I read this?
Short version: this report shows just how big and profitable ransomware became — and that 2023 was brutal. If you look after security, finance or operations, you want to know where the money flowed, which sectors were hammered and whether the trends are turning. We read it so you don’t have to — but don’t skim past the mitigation advice if you don’t want to be next.
Source
Source: https://www.darkreading.com/cyberattacks-data-breaches/us-treasury-45b-ransom-payments-2013
