FBI Report Reveals Alarming $16.6 Billion Losses Due to Cybercrime in 2023

Digital scammers and extortionists have wreaked havoc on both businesses and individuals across the United States, siphoning a staggering $16.6 billion in 2023. This shocking figure marks the highest losses recorded since the FBI's Internet Crime Complaint Center (IC3) began tracking such incidents 25 years ago. The report sheds light on the evolving landscape of cybercrime, particularly focusing on the escalating threat posed by ransomware.
As we look ahead to 2024, ransomware continues to represent the most significant threat to critical infrastructure organizations. The number of complaints filed with the IC3 surged by nine percent compared to the previous year, emphasizing the growing peril that these malicious activities present.
B. Chad Yarbrough, the FBI's operations director for criminal and cyber investigations, expressed concern in the 2024 IC3 report, stating, "These rising losses are even more concerning because last year, the FBI took significant actions to make it harder and more costly for malicious actors to succeed." His statement underscores the alarming reality that, despite the FBI's proactive measures, the threat of cybercrime persists.
Yarbrough highlighted a notable achievement in the fight against cybercrime, pointing to the serious blow dealt to the LockBit ransomware group and the thousands of decryption keys that federal authorities have made available to victims since 2022. These efforts, however, have yet to significantly curtail the scourge of cyber extortion.
According to the FBI and IC3, extortion and ransomware are classified as two distinct categories of cybercrime. In 2024, extortion emerged as the second most frequently reported cybercrime, with a total of 86,415 complaints. For context, the most prevalent crime type last year was phishing and spoofing, which generated an overwhelming 193,407 complaints. In contrast, ransomware complaints were reported at 3,156, an increase from 2,825 in 2023 and 2,385 in 2022.
The financial impact of these crimes is staggering, with victims reporting losses of approximately $143.2 million due to extortion scams and an additional $12.5 million attributed to ransomware infections. The FBI cautions that ransomware losses are likely underreported. The financial implications extend beyond the immediate losses, encompassing lost business, employee wages, compromised files, and the expenses incurred for third-party incident response and remediation services.
The report emphasizes, "In some cases, entities do not report any loss amount to the FBI, thereby creating an artificially low overall ransomware loss rate." This situation is exacerbated by the fact that the figures only reflect what entities report to the IC3 and do not account for direct reports made to FBI field offices or agents.
In terms of critical infrastructure, operators reported nearly 4,900 cybersecurity threats in 2023, with ransomware complaints leading the charge at 1,403. The top five ransomware variants targeting critical organizations included Akira, LockBit, RansomHub, Fog, and PLAY. LockBit's dominance in the FBI's report aligns with findings from Cisco Talos' recent year-in-review report, which also identified LockBit as the most active ransomware-as-a-service (RaaS) group, responsible for 16 percent of all reported attacks in 2024.
Kendall McKay, a strategic lead at Talos, remarked on the remarkable consistency of LockBit at the top of the ransomware hierarchy, stating, "For us, that's pretty remarkable, given how dynamic that space is where you're seeing groups you shut down, or rebrand, or new groups emerge, or law enforcement action being taken. To see LockBit stay at the top for such a long time really caught our attention this year." This sustained prominence is noteworthy in a landscape where cybercriminal organizations frequently shift tactics and identities.
The Talos report also indicated that the builder software used by LockBit to create custom versions of their malware was leaked in September 2022, likely contributing to the ongoing prevalence of this ransomware variant. Interestingly, two other significant threats in 2024, Akira and RansomHub, may have capitalized on the disruption caused by the takedown of LockBit, as they have reportedly absorbed some of the top talent from the dismantled group.
In addition to established ransomware families, the IC3 recorded 67 new ransomware variants in 2024, with the most reported being Fog, Lynx, Cicada 3301, Dragonforce, and Frag. This influx of new threats highlights the ever-evolving nature of cybercrime and the challenges faced by both individuals and organizations in safeguarding their digital assets.
Despite the alarming rise in ransomware complaints, there is a slight silver lining in the financial statistics. While the number of incidents has increased, the costs associated with reported ransomware attacks have actually decreased. In 2024, the total ransomware losses reported to the IC3 amounted to $12.5 billion, a significant drop from $59.6 billion in 2023 and $34.4 billion in 2022. This trend may suggest that organizations are becoming more adept at mitigating losses through better incident response strategies, though the overall threat remains a pressing concern.