- Phishing, ransomware, and data breaches remain top threats, driving a sharp rise from $12.5 billion in 2023.
- With over 193,000 reports and $70M in losses, phishing outpaced extortion and data breaches as the most common cybercrime in 2024.
- Critical infrastructure in sectors like healthcare, government, and manufacturing faced hundreds of attacks, with ransomware losses vastly underreported due to non-disclosure.
The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats.
Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.
This overall number is not strictly related to cybercrimes but includes all Internet-based or cyber-enabled crimes. These include scams and various types of fraudulent activity.
The FBI also broke out cyber threats from its overall list, defining these as malicious acts that seek to damage data, steal data, or disrupt digital life in general. Cyber threats include ransomware, viruses and malware, data breaches, Denial of Service (DoS) attacks, and other attack vectors. IC3 received more than 4,800 complaints from organizations belonging to a critical infrastructure sector that were affected by a cyber threat.
The FBI received 263,455 cybercrime complaints, resulting in $1.57 billion in losses.
Phishing
The vast majority of crimes reported in 2024 were related to phishing, numbering 193,407, or more than double the next most numerous, extortion, and three times as many as personal data breaches at 64,882. Business email compromise (BEC) complaints numbered 21,442 were about on par with the previous year.
These phishing scams resulted in excess of $70 million in losses. However, BEC losses were listed at $2.7 billion, down from $2.9 billion in 2023.
Ransomware
Ransomware complaints increased 9% year over year with 3,156 being posted in 2024 up from 2,825 and was called the most pervasive threat to critical infrastructure. Ransomware losses begin at about $12 million, but the FBI noted this figure does not include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by an entity.
In some cases, entities do not report any loss amount to the FBI, thereby creating an artificially low overall ransomware loss rate. Lastly, the number only represents what entities report to the FBI via IC3 and does not account for the entities directly reporting to FBI field offices/agents.
The FBI noted that these attacks and losses were particularly concerning because last year, the agency took significant actions to make it harder and more costly for malicious actors to succeed.
“We dealt a serious blow to LockBit, one of the world’s most active ransomware groups. Since 2022, we have offered up thousands of decryption keys to victims of ransomware, avoiding over $800 million in payments,” the FBI said in the report.
For the year, the top five most active ransomware groups were Akira, LockBit, RansomHub, FOG, and PLAY, the report noted.
Data Breaches
The 64,882 personal data breaches reported in 2024 resulted in $1.45 billion in losses in 2024. The number of breaches in 2024 ended a brief downward trend that had seen a dip in reported cases in 2023 to 55,85, from 58,859 in 2022.
Critical Infrastructure
The IC3 report contained a detailed breakdown of which critical infrastructure segments filed the most complaints. Leading the way was critical manufacturing, which reported 258 ransomware attacks and 75 data breaches for the year.
Other impacted sectors included:
Additional losses were caused by tech support scams, $1.6 billion; credit card/check fraud, $200 million; SIM swap, $25.9 million; botnets, $9 million; and general malware, $1.3 million.
25 Years of Internet-Related Crime
In the years since the FBI rolled out its first IC3 report, it has received more than 9 million complaints, with 4.2 million coming in just the last five years. During this period, the frequency of complaints has grown from 2,000 per month to 2,000 per day.
Overall losses have tallied in the range of $50.5 billion.
“The criminals Americans face today may look different than in years past, but they still want the same thing: to harm Americans for their own benefit,” said B. Chad Yarbrough, Operations Director for the Criminal and Cyber Federal Bureau of Investigation.
Mitigations
The IC3 report does not include specific instructions on how to avoid being victimized by Internet crime, but Trustwave SpiderLabs’ ongoing series of Industry Threat Reports each contains a great deal of real-world, easily implemented information that can help protect your organization.
These include:
Please visit the Trustwave Resource Library for additional reports.
