- FinCEN reports ransomware activity dropped in 2024 after ALPHV and LockBit takedowns
- 2023 was peak year with $1.1B in payments; 2024 saw 1,476 incidents and $734M paid
- Collapsed gangs (ALPHV, LockBit, Black Basta) earned $790M; Akira remains most active, targeting finance, manufacturing, and healthcare
The takedown of ALPHV and LockBit ransomware gangs made a solid dent in the overall performance of ransomware operations last year.
This is according to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) which recently said that after all-time highs in 2023, the number of ransomware infections and paid ransoms declined in 2024.
In its “Financial Trend Analysis” paper, it confirmed that between 2013 and 2021, there were 3,075 reported cases of ransomware infections, with victims paying $2.4 billion in ransom demands.
Three key players out of the picture
Between January 2021 and December 2024, there were 4,194 such attacks, and $2.1 billion in payments. 2023 was peak year. That year, around $1.1 billion exchanged hands, which was a 77% increase compared to the year before. Some of the most active groups at the time were ALPHV (AKA BlackCat), Akira, LockBit, Black Basta, and Phobos.
That’s when law enforcement stepped in. Both ALPHV and LockBit were taken down, while Black Basta imploded after internal communications leaked. As a result, there were “just” 1,476 incidents in 2024 (down from 1,512 the year prior) and about $734 million in payments.
The median ransomware payment in 2023 was $174,000, significantly more than the $124,097 in 2022 and $155,257 in 2024.
The three groups that collapsed - ALPHV, LockBit, and Black Basta, raked in almost $790 million between them, during the analyzed time period. Akira, which is active today, was responsible for the largest number of attacks (376), while ALPHV and LockBit each had around 353. Financial services firms, manufacturing companies and the healthcare industry were the most targeted sectors.
Almost all of the payments (97%) were made in Bitcoin, which the gangs sent to unregulated cryptocurrency exchanges and tumbling/mixing services to launder.
Via The Record
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
