Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ransomware incidents peaked in 2023 and fell in 2024 across major industries

Trend
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

Ransomware payments peaked in 2023 and fell in 2024, signaling a broad shift in attacker yield across major business sectors. The trend spans 4,194 incidents from January 2022 to December 2024 and more than $2.1 billion in ransom payments. The decline matters because it coincided with disruption pressure on ALPHV/BlackCat and LockBit, while attacks still remained concentrated in manufacturing, financial services, and healthcare.

Related Happenings

INC ransomware group’s RaaS expansion and victim growth in 2026

Threat Actor Meta
H score45 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...

Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion

Threat Actor Meta
H score21 First: 07.06.2026 17:09 Last: 07.06.2026 17:09 Sources 1

About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...

Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)

Incident
H score45 First: 01.05.2026 10:47 Last: 01.05.2026 10:47 Sources 1

About this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...

Jaguar Land Rover (JLR) hit by cyberattack

Incident
H score65 First: 06.01.2026 13:15 Last: 06.01.2026 13:15 Sources 1

About this happening: **Jaguar Land Rover (JLR)** remains tied to a **September 2025 cyberattack** that disrupted operations for weeks and drove major financial fallout, including **£196m ($258m)** in...

Latest development: 29.06.2026 12:15

A June 26 New York Times report linked Russian hackers to the Jaguar Land Rover breach, and Microsoft reportedly raised the alarm with JLR while security experts described the activity as Kremlin-backed destructive sabotage rather than a ransom-driven intrusion. Attribution was also complicated by Scattered Lapsus$ Hunters claiming responsibility, and the report separately claimed that Rey independently breached part of the JLR network.

BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies

Campaign
H score53 First: 30.12.2025 17:25 Last: 30.12.2025 17:25 Sources 1

About this happening: Two former cybersecurity workers pleaded guilty for participation in a **BlackCat (ALPHV)** ransomware extortion campaign that hit **multiple U.S. victims**, showing how affiliate...

Timeline

  1. 08.12.2025 23:07 2 articles · 7mo ago

    FinCEN report on ransomware activity across 2022-2024

    Campaign Scope Update

    FinCEN says ransomware activity peaked in 2023 and fell in 2024 after law enforcement actions against ALPHV/BlackCat and LockBit, with 4,194 incidents reported between January 2022 and December 2024 and more than $2.1 billion in ransom payments. The review identifies manufacturing, financial services, healthcare, retail, and legal services as the most frequently targeted sectors, while financial services, healthcare, and manufacturing accounted for the largest ransom totals, and most payments were made in Bitcoin.

    Show sources