Losses from ransomware in the US totaled US$59.6 million in 2023, which represents an increase of 74% compared to the previous year, when the amount reached US$34.4 million, according to the “Crime Report on the Internet of 2023” from the FBI. The figure was calculated based on the 2,825 ransomware incidents reported to the investigations department last year, an 18% increase compared to 2022.
The FBI added that the true number is likely much higher, as many ransomware infections go unreported. For example, when the intelligence agency infiltrated agents into the Hive group’s infrastructure in 2023, it found that only 20% of victims reported it to authorities.
The US Federal Police attributed this increase to the adjustment of tactics by threat operators, such as deploying multiple ransomware variants against the same victim and using data destruction to increase pressure on them to negotiate ransom payments.
The FBI’s Internet Crime Complaint Center (IC3) has received 1,193 complaints of ransomware attacks on organizations operating critical infrastructure in the US. This, in fact, was the sector most impacted by ransomware, with 249 notifications. Next come the manufacturing (218) and government services (156) sectors.
The ransomware variant that most affected critical infrastructure last year was LockBit (175 incidents), followed by ALPHV/BlackCat (100), Akira (95), Royal (63) and Black Basta (41). In February 2024, it was reported that a global police operation had taken down LockBit’s infrastructure, which was denied by the group.
For the second year in a row, investment fraud was the most costly type of internet crime monitored by IC3, with losses jumping from US$3.31 billion in 2022 to US$4.57 billion in 2023.
The second most profitable vector for attackers was business email compromise (BEC), with losses of $2.9 billion recorded across 21,489 complaints. This represents a small increase from BEC’s $2.7 billion losses in 2022.
In third place were technical customer support and government identity fraud schemes, responsible for losses of more than $1.3 billion. These frauds, which are typically perpetrated from call centers, have overwhelmingly targeted the elderly, with 40% of complaints coming from people over the age of 60 — this group suffered 58% of the losses.
Phishing was the most commonly reported internet crime last year, with almost 300,000 complaints, a slight drop compared to 2022. Next comes personal data breaches, with 55,851 complaints.
A total of 880,418 internet crime complaints were received by the FBI in 2023, a 10% increase compared to 2022. Estimated losses increased 22% over the same period, from $10.3 billion in 2022 to $12. 5 billion in 2023.
Source: CisoAdvisor, IC3
