Ransomware is on the decline, according to a study the Treasury Department released Thursday, pointing to fewer attacks and payments following an all-time spike in activity in 2023.
The Financial Crimes Enforcement Network (FinCEN) report on ransomware trends concluded more positive development in payments — the critical and most visible layer of attacks that have fueled the rise of these financially-motivated crimes for years. Total payments slid 33% from about $1.1 billion in 2023 to $734 million last year, federal researchers found.
Cybercrime experts and authorities have consistently pointed to payments as the most important measure of ransomware activity, asserting that cutting off the main driver of these crimes provides the best chance for creating a lasting deterrence of future attacks.
Dwindling ransomware payments from 2023 to 2024 is a positive sign, but it’s too early to celebrate the shift as an enduring decline. Payments previously jumped 77% year-over-year in 2023 and total ransomware payments during the three-year period ending in December 2024 topped $2.1 billion.
The three-year payments total is just slightly below the $2.4 billion in ransomware payments FinCEN attributed to the previous nine-year period ending in 2021.
The number of victims confronting ransomware still remains a largely unchanged epidemic, according to the study based on Bank Secrecy Act data from organizations that reported attacks to FinCEN. Officials received reports of 1,476 ransomware attacks last year, a mere 2% decrease from 1,512 incidents in 2023.
The report concluded manufacturing, financial services and healthcare organizations were the most heavily impacted by ransomware attacks last year. The manufacturing industry reported 456 incidents associated with almost $285 million in payments.
Organizations in the financial services sector reported 432 incidents last year linked to nearly $366 million in payments, and the healthcare industry reported 389 attacks totaling about $305 million in payments, the report found.
Officials said they identified 267 unique ransomware variants between 2022 and 2024. ALPHV/BlackCat was the most heavily reported ransomware variant, followed by Akira, LockBit, Phobos and Black Basta.
FinCEN said 10 ransomware variants were responsible for a cumulative $1.5 billion in payments from 2022 to 2024.