FinCEN Reports on Ransomware Attacks

The Financial Crimes Enforcement Network ("FinCEN") reported on ransomware patterns and trends using Bank Secrecy Act ("BSA") data filed between January 2022 and February 2025. 

The latest Financial Trend Analysis focused on the volume of incidents, payment values, and the financial methodologies of threat actors. FinCEN detailed findings in four areas:

1. Ransomware Activity and Volume. FinCEN stated that the scope of the ransomware threat remains significant, with 4,194 incidents reported between 2022 and 2024 totaling more than $2.1 billion in payments. The agency noted that activity reached an all-time high in 2023—with 1,512 incidents and approximately $1.1 billion in payments (a 77% increase in value over 2022). However, activity receded in 2024, with incidents dropping to 1,476 and total payments falling to $734 million. FinCEN attributed this decline largely to the disruption of major ransomware groups by federal and international law enforcement.
2. Payment Trends and Variants. FinCEN highlighted that the median ransomware payment fluctuated over the reporting period, rising from "$124,097 in 2022 [to a peak of] $175,000 in 2023," before decreasing to $155,257 in 2024. FinCEN noted that "the most common payment range [remained] below $250,000." 
3. Operational Typologies. FinCEN detailed the specific mechanisms used by threat actors to communicate and launder funds. The report stated that the "Onion Router" protocol—an anonymity-focused network that masks user identities—was the primary communication method, utilized in 67% of incidents where a method was identified. FinCEN identified Bitcoin as the dominant payment method, accounting for 97% of reported transactions.
4. Sector Vulnerabilities and Mitigation. FinCEN reported that ransomware attacks targeted a wide range of businesses but were most acute in Financial Services, Manufacturing, and Healthcare.