US Treasury offers cautious optimism as ransomware payments decline

News
By published

The takedown of major players left a visible dent

Cyber crime and security vector concept showing a laptop, credit card and open padlock.
(Image credit: Shutterstock / Jozsef Bagota)
  • FinCEN reports ransomware activity dropped in 2024 after ALPHV and LockBit takedowns
  • 2023 was peak year with $1.1B in payments; 2024 saw 1,476 incidents and $734M paid
  • Collapsed gangs (ALPHV, LockBit, Black Basta) earned $790M; Akira remains most active, targeting finance, manufacturing, and healthcare

The takedown of ALPHV and LockBit ransomware gangs made a solid dent in the overall performance of ransomware operations last year.

This is according to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) which recently said that after all-time highs in 2023, the number of ransomware infections and paid ransoms declined in 2024.

In its “Financial Trend Analysis” paper, it confirmed that between 2013 and 2021, there were 3,075 reported cases of ransomware infections, with victims paying $2.4 billion in ransom demands.

Catch the price drop- Get 30% OFF for Enterprise and Business plans

Catch the price drop- Get 30% OFF for Enterprise and Business plans

The Black Friday campaign offers 30% off for Enterprise and Business plans for a 1- or 2-year subscription. It’s valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer.

View Deal

Three key players out of the picture

Between January 2021 and December 2024, there were 4,194 such attacks, and $2.1 billion in payments. 2023 was peak year. That year, around $1.1 billion exchanged hands, which was a 77% increase compared to the year before. Some of the most active groups at the time were ALPHV (AKA BlackCat), Akira, LockBit, Black Basta, and Phobos.

That’s when law enforcement stepped in. Both ALPHV and LockBit were taken down, while Black Basta imploded after internal communications leaked. As a result, there were “just” 1,476 incidents in 2024 (down from 1,512 the year prior) and about $734 million in payments.

The median ransomware payment in 2023 was $174,000, significantly more than the $124,097 in 2022 and $155,257 in 2024.

The three groups that collapsed - ALPHV, LockBit, and Black Basta, raked in almost $790 million between them, during the analyzed time period. Akira, which is active today, was responsible for the largest number of attacks (376), while ALPHV and LockBit each had around 353. Financial services firms, manufacturing companies and the healthcare industry were the most targeted sectors.

Almost all of the payments (97%) were made in Bitcoin, which the gangs sent to unregulated cryptocurrency exchanges and tumbling/mixing services to launder.

Via The Record

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.