Ransomware incidents peaked in 2023 and fell in 2024 across major industries
Trend
Summary
Hide ▲
Show ▼
Ransomware payments peaked in 2023 and fell in 2024, signaling a broad shift in attacker yield across major business sectors. The trend spans 4,194 incidents from January 2022 to December 2024 and more than $2.1 billion in ransom payments. The decline matters because it coincided with disruption pressure on ALPHV/BlackCat and LockBit, while attacks still remained concentrated in manufacturing, financial services, and healthcare.
Related Happenings
INC ransomware group’s RaaS expansion and victim growth in 2026
Threat Actor Meta
H score45
First: 18.06.2026 17:12
Last: 18.06.2026 17:12
Sources 1
About this happening:
**INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...
INC ransomware group’s RaaS expansion and victim growth in 2026
Threat Actor MetaAbout this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
H score45
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
IncidentAbout this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Jaguar Land Rover (JLR) hit by cyberattack
Incident
H score65
First: 06.01.2026 13:15
Last: 06.01.2026 13:15
Sources 1
About this happening:
**Jaguar Land Rover (JLR)** remains tied to a **September 2025 cyberattack** that disrupted operations for weeks and drove major financial fallout, including **£196m ($258m)** in...
Jaguar Land Rover (JLR) hit by cyberattack
IncidentAbout this happening: **Jaguar Land Rover (JLR)** remains tied to a **September 2025 cyberattack** that disrupted operations for weeks and drove major financial fallout, including **£196m ($258m)** in...
Latest development: 29.06.2026 12:15
A June 26 New York Times report linked Russian hackers to the Jaguar Land Rover breach, and Microsoft reportedly raised the alarm with JLR while security experts described the activity as Kremlin-backed destructive sabotage rather than a ransom-driven intrusion. Attribution was also complicated by Scattered Lapsus$ Hunters claiming responsibility, and the report separately claimed that Rey independently breached part of the JLR network.
BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies
Campaign
H score53
First: 30.12.2025 17:25
Last: 30.12.2025 17:25
Sources 1
About this happening:
Two former cybersecurity workers pleaded guilty for participation in a **BlackCat (ALPHV)** ransomware extortion campaign that hit **multiple U.S. victims**, showing how affiliate...
BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies
CampaignAbout this happening: Two former cybersecurity workers pleaded guilty for participation in a **BlackCat (ALPHV)** ransomware extortion campaign that hit **multiple U.S. victims**, showing how affiliate...
Timeline
-
08.12.2025 23:07 2 articles · 7mo ago
FinCEN report on ransomware activity across 2022-2024
Campaign Scope UpdateFinCEN says ransomware activity peaked in 2023 and fell in 2024 after law enforcement actions against ALPHV/BlackCat and LockBit, with 4,194 incidents reported between January 2022 and December 2024 and more than $2.1 billion in ransom payments. The review identifies manufacturing, financial services, healthcare, retail, and legal services as the most frequently targeted sectors, while financial services, healthcare, and manufacturing accounted for the largest ransom totals, and most payments were made in Bitcoin.
Show sources
- FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 — www.bleepingcomputer.com — 08.12.2025 23:07
- FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 — www.bleepingcomputer.com — 08.12.2025 23:07