
Ransomware scum and other crims bilked victims out of a ‘staggering’ $16.6B last year, says FBI

Digital scammers and extortionists bilked businesses and individuals in the US out of a “staggering” $16.6 billion last year, according to the FBI — the highest losses recorded since the bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.

Also in 2024: Ransomware again posed the biggest threat to critical infrastructure organizations, with the number of complaints to the IC3 increasing nine percent compared to the year prior.

“These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed,” wrote B. Chad Yarbrough, the FBI’s operations director for criminal and cyber, in the 2024 IC3 report [PDF] out now.

Yarbrough cited the “serious blow” the Feds dealt to LockBit, and the “thousands” of decryption keys that the federal cops have made available to ransomware victims since 2022.

And yet the scourge continues.


The FBI and IC3 track extortion and ransomware as two separate categories, and in 2024 extortion was the second-most frequently reported cybercrime overall with 86,415 complaints. For comparison, the top crime type last year, phishing and spoofing, generated 193,407 complaints. Ransomware was further down the list with 3,156 reports. But that’s up from 2,825 incidents in 2023, and 2,385 in 2022.

The report found Americans lost $143.2 million to extortion scams and $12.5 million after ransomware infections. The FBI noted that the ransomware losses may be under-reported, and do not include the financial impact of lost business, time, wages, files, equipment, or third-party incident response and remediation services brought in to clean up the mess.

“In some cases, entities do not report any loss amount to FBI, thereby creating an artificially low overall ransomware loss rate,” the report adds. “Lastly, the number only represents what entities report to FBI via IC3 and does not account for the entity directly reporting to FBI field offices/agents.”

Top 5 targeting critical orgs

America’s critical infrastructure operators reported almost 4,900 cybersecurity threats last year, with ransomware (1,403 complaints) topping the list. The five most reported ransomware variants: Akira, LockBit, RansomHub, Fog, and PLAY.

LockBit’s place near the top of the FBI list echoes the findings of Cisco Talos’ most recent year in review report, which credited LockBit as the most active ransomware-as-a-service (RaaS) group, accounting for 16 percent of the claimed attacks in 2024.

“For us, that’s pretty remarkable, given how dynamic that space is where you’re seeing groups you shut down, or rebrand, or new groups emerge, or law enforcement action being taken,” Kendall McKay, strategic lead at Talos, told The Register, in an earlier interview. “To see LockBit stay at the top for such a long time really caught our attention this year.”

The Talos report noted that LockBit’s builder software – a tool used to create custom versions of the malware – was leaked in September 2022, and this likely contributed to the ransomware’s prevalence.

Two of the other biggest threats in 2024 also trace some of their success to the LockBit takedown.

Security researchers suspect that Akira and RansomHub (believed to be a Knight ransomware rebrand) both benefited from the LockBit and ALPHV/BlackCat disruptions, recruiting those crews’ top talent into their own affiliate rosters.

In addition to the tried-and-true malware families, IC3 recorded 67 new ransomware variants in 2024, with the most reported being Fog, Lynx, Cicada 3301, Dragonforce, and Frag.

There is a slight silver lining in the report’s ransomware statistics. While complaints have been on the rise, reported costs have dropped. In 2024, ransomware losses reported to IC3 totaled $12.5 million, compared to $59.6 million in 2023 and $34.4 million in 2022. ®
