Ransomware losses in the US surged to $59.6m in 2023, a 74% rise on the previous year’s reported figure of $34.4m, according to the FBI’s Internet Crime Report 2023.
This figure was calculated from 2825 ransomware incidents reported to the FBI last year, an increase of 18% from 2022.
The law enforcement agency added that the true figure is likely to be far higher, as many ransomware infections go unreported. For example, when the FBI infiltrated the Hive group’s infrastructure in 2023 it found that only 20% of Hive’s victims reported to law enforcement.
The FBI partly attributed this rise to threat actors adjusting their tactics, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction to increase pressure on victims to negotiate.
The FBI’s Internet Crime Complaint Center (IC3) received 1193 complaints of ransomware attacks from critical infrastructure organizations.
Healthcare was the critical infrastructure sector most impacted by the vector, with 249 reports. This was followed by critical manufacturing (218) and government facilities (156).
The ransomware variant that most affected critical infrastructure last year was LockBit (175 incidents), followed by ALPHV/BlackCat (100), Akira (95), Royal (63) and Black Basta (41).
In February 2024, it was reported that a global law enforcement operation took down LockBit’s infrastructure.
Read here: US Government Warns Healthcare is Biggest Target for BlackCat Affiliates
Investment Fraud Results in the Biggest Losses
For the second year running, investment fraud was the most costly type of internet crime tracked by IC3, with losses rising from $3.31bn in 2022 to $4.57bn in 2023.
The second most lucrative vector for attackers was business email compromise (BEC), with $2.9bn in losses recorded across 21,489 complaints. This represents a small increase on the $2.7bn losses to BEC estimated in 2022.
In third place was tech/customer support and government impersonation scams, responsible for over $1.3bn in losses. These scams, which are normally perpetrated from call centers, overwhelmingly targeted older adults, with 40% of the complainants aged over 60, and this group suffering 58% of the losses.
Phishing was the most commonly reported internet crime last year, with nearly 300,000 complaints, a slight fall from 2022. This was followed by personal data breach, at 55,851 complaints.
A total of 880,418 internet crime complaints were received by the FBI in 2023, up by 10% compared to 2022. Estimated losses rose by 22% in the same period, from $10.3bn in 2022 to $12.5bn in 2023.