Ransomware incidents peaked in 2023 and fell in 2024 across major industries
Target Trend
Summary
Hide ▲
Show ▼
Ransomware payments peaked in 2023 and fell in 2024, signaling a broad shift in attacker yield across major business sectors. The trend spans 4,194 incidents from January 2022 to December 2024 and more than $2.1 billion in ransom payments. The decline matters because it coincided with disruption pressure on ALPHV/BlackCat and LockBit, while attacks still remained concentrated in manufacturing, financial services, and healthcare.
Related Happenings
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
IncidentAbout this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies
Campaign
First: 30.12.2025 17:25
Last: 30.12.2025 17:25
Sources 1
About this happening:
Two former cybersecurity workers pleaded guilty for participation in a **BlackCat (ALPHV)** ransomware extortion campaign that hit **multiple U.S. victims**, showing how affiliate...
BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies
CampaignAbout this happening: Two former cybersecurity workers pleaded guilty for participation in a **BlackCat (ALPHV)** ransomware extortion campaign that hit **multiple U.S. victims**, showing how affiliate...
Romanian Waters (Administrația Națională Apele Române) hit by ransomware attack
Incident
First: 22.12.2025 17:25
Last: 22.12.2025 17:25
Sources 1
About this happening:
**Romanian Waters** (**Administrația Națională Apele Române**) was hit by a **ransomware attack** that disrupted about **1,000 systems** across **10 of 11 regional offices**, whil...
Romanian Waters (Administrația Națională Apele Române) hit by ransomware attack
IncidentAbout this happening: **Romanian Waters** (**Administrația Națională Apele Române**) was hit by a **ransomware attack** that disrupted about **1,000 systems** across **10 of 11 regional offices**, whil...
Aleksey Olegovich Volkov campaign expands across multiple victims
Campaign
First: 10.11.2025 21:12
Last: 10.11.2025 21:12
Sources 1
About this happening:
The **Yanluowang** ransomware operation is now tied to a named **initial access broker** who helped attackers reach **at least eight U.S. companies**, showing a coordinated extort...
Aleksey Olegovich Volkov campaign expands across multiple victims
CampaignAbout this happening: The **Yanluowang** ransomware operation is now tied to a named **initial access broker** who helped attackers reach **at least eight U.S. companies**, showing a coordinated extort...
LockBit ransomware return with 5.0 and 3.0 attacks
Malware Activity
First: 24.10.2025 18:15
Last: 24.10.2025 18:15
Sources 1
About this happening:
**LockBit** resurfaced in active **ransomware** operations in **September 2025**, with at least a dozen victims hit and a mix of **LockBit 5.0** and **LockBit 3.0/LockBit Black**...
LockBit ransomware return with 5.0 and 3.0 attacks
Malware ActivityAbout this happening: **LockBit** resurfaced in active **ransomware** operations in **September 2025**, with at least a dozen victims hit and a mix of **LockBit 5.0** and **LockBit 3.0/LockBit Black**...
Timeline
-
08.12.2025 23:07 2 articles · 5mo ago
FinCEN report on ransomware activity across 2022-2024
Campaign Scope UpdateFinCEN says ransomware activity peaked in 2023 and fell in 2024 after law enforcement actions against ALPHV/BlackCat and LockBit, with 4,194 incidents reported between January 2022 and December 2024 and more than $2.1 billion in ransom payments. The review identifies manufacturing, financial services, healthcare, retail, and legal services as the most frequently targeted sectors, while financial services, healthcare, and manufacturing accounted for the largest ransom totals, and most payments were made in Bitcoin.
Show sources
- FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 — www.bleepingcomputer.com — 08.12.2025 23:07
- FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024 — www.bleepingcomputer.com — 08.12.2025 23:07