**FinCEN Data Reveals Alarming Spike in Ransomware Payments, Exceeding $4.5 Billion by 2024**

The Financial Crimes Enforcement Network (FinCEN) has released a disturbing report revealing that ransomware payments have skyrocketed to an unprecedented level, exceeding $4.5 billion by 2024. The data, which analyzed Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025, paints a grim picture of the rapidly evolving cybersecurity threat landscape.

According to FinCEN's analysis, ransomware payments reported to the agency exceeded $1.1 billion in 2023 alone, marking a record year with 1,512 incidents. This represents a staggering 77% increase from 2022, when ransomware payments totaled around $630 million across 864 incidents.

The data also shows that while ransomware payments have increased significantly, the number of incidents has actually decreased slightly in 2024, with 1,476 reported cases and total payments dropping to approximately $734 million. However, this drop may be a temporary reprieve, as FinCEN warns that threat actors are likely adapting their tactics to evade detection.

FinCEN's analysis reveals that the median ransomware payment has shifted over the period, from $124,097 in 2022 to $175,000 in 2023 and $155,257 in 2024. Notably, most payments remain under $250,000, indicating that threat actors are opting for smaller-scale attacks.

The industries most affected by ransomware incidents were financial services, manufacturing, and healthcare, which collectively accounted for the majority of reported cases and total losses. FinCEN identified 267 unique ransomware variants during the review period, with ALPHV/BlackCat, Akira, LockBit, Phobos, and Black Basta emerging as leading threats.

Interestingly, FinCEN's analysis shows that TOR was the top communication channel used by threat actors (67%), followed closely by email (28%). Meanwhile, nearly all payments (97%) were made in Bitcoin, highlighting the cryptocurrency's continued use as a preferred medium for ransomware transactions.

The report also reveals that threat actors are laundering funds mainly through unhosted crypto wallets and CVC exchanges. This finding underscores the importance of implementing robust cybersecurity measures to prevent such illicit activities.

As FinCEN emphasizes, "ransomware is a complex cybersecurity problem requiring a variety of preventive, protective, and preparatory best practices." To mitigate this threat, the agency recommends utilizing resources available on CISA's StopRansomware.gov platform, which offers a comprehensive toolkit for reducing the risk of ransomware attacks.

As the threat landscape continues to evolve, it is essential that organizations and individuals remain vigilant in their cybersecurity efforts. By staying informed about the latest trends and best practices, we can work together to prevent the devastating consequences of ransomware attacks.

**Follow me on social media for the latest updates on cybersecurity threats and best practices:**

* Twitter: @securityaffairs * Facebook: [Your Facebook Handle] * Mastodon: [Your Mastodon Handle]