Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
According to the annual report from the FBI’s Internet Crime Complaint Center (IC3), ransomware was the biggest threat to critical infrastructure last year, with complaints up 9%.
More widely, the IC3 report revealed losses across the country from online crime climbed 33% on year to $16 billion in 2024. The top three crimes by number of complaints were phishing/spoofing, extortion, and personal data breaches.
However, investment fraud — specifically related to cryptocurrency — caused the most financial losses, at more than $6.5bn.
"These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed," wrote B. Chad Yarbrough, operations director for criminal and cyber at the FBI, in the report.
"We dealt a serious blow to LockBit, one of the world’s most active ransomware groups. Since 2022, we have offered up thousands of decryption keys to victims of ransomware, avoiding over $800 million in payments."
The IC3 figures are based on reports from victims, but when it comes to ransomware companies may not admit they've fallen victim in order to quietly pay criminals to avoid negative publicity — or to avoid having to build ransomware resilience ahead of time to avoid paying out.
"Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams," said FBI Director Kash Patel.
"The IC3… is only as successful as the reports it receives; that’s why it’s imperative that the public immediately report suspected cyber-enabled criminal activity to the FBI."
Check Point reports record ransomware attacks
The FBI report comes as Check Point Research released data that showed global ransomware attacks were up 126% year on year, with the most attacks by the Cl0p ransomware gang, largely because of its mass disclosure of more than 300 victims related to its exploit of the Cleo file transfer software.
"The adjusted monthly average exceeds 650 victims, compared to ~450 per month throughout 2024," Check Point said in a blog post. "With Cl0p included, the average for Q1 rises to 760 per month — setting a new benchmark for ransomware activity."
The company admitted that it was difficult to pin down the number of victims, again due to the fact that some pay up rather than admit an attack. Similarly, the security firm noted that cyber criminals often overplay their successes.
"This sharp rise may partially reflect a growing trend among threat actors to exaggerate their impact, including the fabrication of victim data to project greater reach and intimidate targets," the company said.
"At the same time, it is worth noting that organizations which pay ransoms swiftly are typically excluded from public disclosure on leak sites, suggesting that historically, published figures may have significantly underrepresented the true scale of ransomware incidents."
Reporting will remain an issue
Because of such payouts, Dr Ilia Kolochenko, CEO at ImmuniWeb and a Fellow at BCS, said that the report's figures were just the "tip of the formidable iceberg".
"A growing number of US companies prefer to silently 'settle' with cybercriminals, especially with those groups that have a good reputation and history of keeping their intrusions confidential after being paid," he noted.
There are rules against such payments, in some cases.
"Sometimes, such payments may be perfectly legal, for example, when no personal data, classified or confidential data of third party is stolen," Kolochenko said.
"Rules may be harsher for governmental entities, as in some states they are flatly prohibited from paying ransoms, or for publicly traded companies given that such incidents may be required to be reported to the SEC and publicly disclosed," he added.
"Possible violation of sanctions – when buying cryptocurrencies from decentralized exchanges and when actually paying the threat actor – are also non-negligible."
Kolochenko predicts more and more companies will choose to pay rather than face negative headlines about ransomware attacks.
"With the overall deregulation spirit of the President Trump administration, we will probably see a steadily growing number of organizations that will prefer to silently pay a ransom and forget about the incident."
MORE FROM ITPRO
- Building ransomware resilience to avoid paying out
- The end of ransomware payments: How businesses fit into the fight
- UK government officials consider banning ransomware payments
-
How to implement a four-day week in techIn-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businessesIn-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaosNews Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so farNews A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
