A new analysis of Bank Secrecy Act reports found that more than $2.1 billion in ransomware payments were made over a three-year period starting in 2022, according to the Financial Crimes Enforcement Network.
From 2022 to the end of 2024, FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents, according to a financial trend analysis. By contrast, in the nine years prior, it received 3,075 BSA reports totaling approximately $2.4 billion in ransomware payments. Ransomware incidents and payments reached an all-time high in 2023 at 1,512 incidents, totaling approximately $1.1 billion in payments — an increase of 77% in total payments year-over-year from 2022 to 2023.
The median amount of a single ransomware transaction was $124,097 in 2022; $175,000 in 2023; and $155,257 in 2024, FinCEN said. From 2022 to 2024, the most common payment range was below $250,000. The most targeted sectors were financial services, manufacturing and healthcare.
FinCEN also identified several common money laundering typologies used during ransomware incidents. Ransomware payments were overwhelmingly collected in unhosted convertible virtual currency wallets that continued to be used for money laundering after receiving payment. Different ransomware threat actors also continued to use several common preferred malicious cyber facilitators, such as shared initial access vendors.
“Banks and other financial institutions play a key role in protecting our economy from ransomware and other cyber threats,” FinCEN Director Andrea Gacki said in a statement. “By quickly reporting suspicious activity under the Bank Secrecy Act, they provide law enforcement with critical information to help detect cybersecurity trends that can damage our economy.”
