FinCEN: Ransomware Incidents and Payments Dropped in 2024 After Law Enforcement Actions

By  |  December 4, 2025
 | 

Reported ransomware incidents and payments dropped in 2024 after law enforcement’s disruption of two high-profile ransomware groups, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) said Thursday (Dec. 4).

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    FinCEN announced this trend in a press release highlighting findings from its “Financial Trend Analysis: Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024.”

    Reported ransomware incidents and payments reached an all-time high in 2023, according to the release. There were 1,512 incidents and a total of $1.1 billion in payments that year.

    Following the disruption of the two ransomware groups, those figures declined in 2024 to 1,476 incidents and a total of $734 million in payments, per the release.

    The activities that drove this decline were the disruption of the ALPHV/Blackcat ransomware group by U.S. federal law enforcement in December 2023, and the disruption of the LockBit ransomware group by U.S. and U.K. authorities in February 2024, according to the report.

    “Banks and other financial institutions play a key role in protecting our economy from ransomware and other cyber threats,” FinCEN Director Andrea Gacki said in the release. “By quickly reporting suspicious activity under the Bank Secrecy Act, they provide law enforcement with critical information to help detect cybersecurity trends that can damage our economy.”

    Advertisement: Scroll to Continue

    During the three-year period covered by the report, from January 2022 through December 2024, the three industries most impacted by ransomware attacks were manufacturing, financial services and healthcare, according to the release.

    Those industries were the ones most affected by measures of both the most incidents and the highest amount of aggregate payments sent to ransomware actors, per the report.

    FinCEN also found that there were more than 200 ransomware variants; the most reported variants were Akira, ALPHV/BlackCat, LockBit, Phobos and Black Basta; and the 10 variants with the highest cumulative payouts accounted for $1.5 billion in payments, according to the release.

    The FBI’s Internet Crime Complaint Center (IC3) said in April that ransomware remained the top threat to U.S. infrastructure and that the number of complaints about that form of cyber threat had increased 9% in 2024 compared to 2023.

    Chainalysis said in August that during the first seven months of the year, the number of ransomware attacks declined, but the median ransom payment increased.


    Recommended

    FinCEN: Ransomware Incidents and Payments Dropped in 2024 After Law Enforcement Actions

    SoFi Aims to Raise $1.5 Billion to Fund Additional Business Opportunities

    Apple’s General Counsel and Government Affairs Head to Retire

    Prediction Market Polymarket Begins Rolling Out US App

    See More In: , , , , , , , , , , ,