Ransomware remains the top threat to American infrastructure, with complaints in 2024 rising 9% above 2023’s total, the FBI said Wednesday (April 23).
A report from the FBI’s Internet Crime Complaint Center (IC3) stated that despite international law enforcement efforts to disrupt ransomware operators and cybercrime forums, criminals are targeting critical sectors, including manufacturing, financial services, information technology, healthcare and government facilities.
Nearly half of all ransomware complaints received by the IC3 last year involved those critical infrastructure organizations, the report said.
The Cybersecurity and Infrastructure Security Agency (CISA) specifically defines “critical infrastructure” as encompassing 16 sectors, including energy, communications, food production, transportation and water systems. They’re providers of essential services that, if disrupted by a cyberattack, could have severe consequences for public health and safety.
In March, the FBI and CISA issued a joint advisory about the Medusa ransomware variant, which has been linked to attacks on over 300 victims across these critical infrastructure sectors since June 2021.
Last year was a record year for the wrong reasons. The IC3 report said that reported cyber and scam-related losses reached $16.6 billion in 2024, marking a 33% increase from 2023.
The center received 859,532 complaints last year, with an average reported loss of $19,372 per incident, according to the report. The report also noted that these figures might not reflect the true scale of losses, as many incidents go unreported, particularly among older Americans. Adults 60 and older were the most impacted demographic, accounting for more than $4.8 billion in losses across 147,000 complaints, IC3 said.
There was also a significant rise in cryptocurrency fraud, the report said, with at least $9.3 billion in losses reported in 2024 — a 66% increase over the previous year. These losses stemmed from investment scams, extortion, sextortion and fraudulent activity involving cryptocurrency ATMs and kiosks.
In a call with reporters, Christopher Delzotto, section chief of the financial crime section for the FBI, said that between January 2024 and April 2025, the FBI notified more than 5,400 victims targeted by cryptocurrency-related fraud — many of whom were unaware they had been targeted.
In addition to financial loss, cyberfraud can also impact business innovation, according to the PYMNTS Intelligence Certainty Project Report. The report explores these challenges and what some middle-market CFOs are doing about it.
However, the FBI did deliver some good news. The bureau said that since 2022, it has provided thousands of decryption keys to ransomware victims, helping them recover their data and avoiding more than $800 million in ransom payments.
