Global Ransomware Crisis Deepens With Billions Paid to Hackers, Forcing Companies to Improve Cybersecurity and Backup Strategies

A new US government analysis has exposed how severely ransomware has impacted worldwide enterprises, revealing that more than $2.1 billion in ransom payments were made between January 2022 and December 2024. The report, published by the United States Treasury Department's Financial Crimes Enforcement Network (FinCEN), examined 4,194 ransomware incidents, demonstrating how attackers get more aggressive each year.

According to the data, ransomware payments during this three-year period nearly reached the figure for the previous nine years combined. The worst year was 2023, when payments totalled a record $1.1 billion, a 77% increase over 2022. ALPHV/BlackCat, LockBit, Akira, Phobos, and Black Basta are among the most active and damaging ransomware gangs.

 FinCEN reported that after major law enforcement crackdowns on groups such as ALPHV and LockBit, ransomware activity decreased slightly in 2024. Nonetheless, companies reported 1,476 instances that year, totalling almost $734 million in payouts. According to the study, ransomware attackers frequently target financial services, manufacturing, and healthcare industries, which rely substantially on uninterrupted operations. Approximately 97% of ransom payments were paid in Bitcoin, with gangs moving funds through unregulated cryptocurrency exchanges. 

Over the course of three years, the top ten ransomware versions generated $1.5 billion in extortion payments. ALPHV raised approximately $400 million, followed by LockBit and Black Basta. Akira generated the most reports, demonstrating how broad its attacks have become. This data demonstrates how ransomware has escalated into a global epidemic. Major attacks on organisations such as UnitedHealth, ICBC, Synnovis, and various governments throughout the world demonstrate that these disruptions are more than just technical concerns; they now affect actual people, critical services, and national security.

While worldwide institutions, notably the US-led International Counter Ransomware Task Force, have attempted to coordinate actions, progress has been glacial. Many ransomware gangs operate in areas where law enforcement cooperation is limited, making it difficult to locate, arrest, and prosecute offenders.The increased number of attacks with ransomware demonstrates that thieves are becoming more coordinated, aggressive, and significantly more expensive for organisations to deal with. These incidents are no longer isolated technological breaches, they interrupt operations, harm customer trust, and create long-term financial risks that many businesses find difficult to recover from.

In this context, ransomware-protected backup solutions have become critical for all organisations. Having secure, separated, and periodically tested backups means that firms may retrieve their data without paying attackers or succumbing to extortion threats. A solid data backup strategy not only lowers downtime, but it also helps businesses remain resilient, preserve continuity, and secure their most valuable information even during major cyber disasters.

Information referenced in this article is from The Record