Ransomware attacks cost financial institutions billions
Ransomware attacks cost financial institutions more than $2.1 billion from 2022 to 2024, according to the Financial Crimes Enforcement Network’s (FinCEN) latest Financial Trend Analysis.
Key findings include:
- Ransomware incidents and payments reported to FinCEN reached their highest level in 2023 with 1,512 incidents, totaling $1.1 billion in payment—an increase of 77% in total payments from 2022;
- Following law enforcement’s disruption of two high-profile ransomware groups, ransomware incidents reported to FinCEN decreased in 2024, with 1,476 incidents, reflecting $734 million in the aggregate value of reported payments in BSA reports;
- During the three-year review period (January 2022 – December 2024), FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents totaling more than $2.1 billion in ransomware payments. FinCEN received 3,075 BSA reports totaling approximately $2.4 billion in ransomware payments in total from 2013 to 2021;
- The financial services industry accounted for 432 incidents totaling approximately $365.6 million in reported payments, second only to the manufacturing industry; and
- Threat actors most often communicated with their intended ransomware targets via messages sent over mostly using The Onion Router (TOR) protocol (67%), while other communications were via email or other private encrypted messaging systems.
Addressing the risks ransomware and other cybercrime present in the digital assets ecosystem, America’s Credit Unions has engaged FinCEN on these issues and made recommendations to regulators to protect financial institutions and consumers.