Ransomware activity reached an all-time high in 2023, totaling more than 1,500 incidents and $1.1 billion in reported payments, before dropping the following year after two high-profile law enforcement takedowns.
The two critical law enforcement actions were the 2023 U.S.-led takedown of AlphV/BlackCat and the 2024 disruption of LockBit by U.S. and U.K. authorities, according to a new U.S. government study.
The report by the U.S. Treasury’s Financial Crimes Enforcement Network shows ransomware fell to 1,476 incidents in 2024, with reported payments reaching $734 million.
More than $2.1 billion in ransomware payments were reported between 2022 and 2024, according to the report.
The medium amount of a single ransomware transaction rose from $122,097 in 2022 to $155,257 in 2024, according to the report. The most common payment amount was less than $250,000 during the period.
AlphV/BlackCat was the most prevalent ransomware variant during the 2022–2024 period, according to the report. The other most reported variants included Akira, LockBit, Phobos and Black Basta.
Manufacturing, financial services and healthcare were the industries most impacted by ransomware. Manufacturing had 456 incidents totaling more than $284 million. Financial services had 432 incidents, totaling more than $365 million, and healthcare had 389 incidents, totaling $305 million in payments.
FinCen data is based on filings under the Bank Secrecy Act. FinCen analyzed BSA reports filed between January 2022 and February 2025 in order to identify ransomware trends.