Is ransomware finally on the decline? Treasury data offers cautious hope

A new report from the US Treasury Department offers a cautious sign of progress in the battle against ransomware. According to fresh data from the Financial Crimes Enforcement Network (FinCEN), total ransomware payments fell significantly in 2024 — even though the number of victims barely changed.

Ransomware Payments Fall 33% in One Year

FinCEN’s analysis shows that ransomware payments dropped from $1.1 billion in 2023 to $734 million in 2024, marking a 33% decline. This shift comes after a record surge of ransomware activity in 2023, when payments jumped a staggering 77% year over year.

Cybersecurity experts have long warned that ransom payments are the key factor fueling these attacks. The new decline suggests progress in discouraging criminals, although researchers caution that the trend is still fragile.

Attacks Still Widespread Despite Payment Decline

While payments decreased, ransomware incidents remained alarmingly steady.
FinCEN recorded 1,476 ransomware reports in 2024, only slightly lower than the 1,512 attacks reported in 2023 — a decrease of just 2%.

This means ransomware is still a major, ongoing threat, and organizations across multiple industries continue to face relentless pressure from cybercriminals.

Industries Most Targeted by Ransomware

The Treasury report highlights three industries that bore the brunt of ransomware activity in 2024:

1. Manufacturing

• 456 reported attacks
• Nearly $285 million in payments

2. Financial Services

• 432 attacks
• $366 million in losses

3. Healthcare

• 389 attacks
• More than $305 million in payments

Cybercriminals often target these sectors because disruptions can be extremely costly, pushing victims to pay ransoms to restore operations quickly.

Most Active Ransomware Groups

FinCEN identified 267 ransomware variants active between 2022 and 2024. Among them, the most reported variants include:

• ALPHV/BlackCat
• Akira
• LockBit
• Phobos
• Black Basta

According to the Treasury, just 10 ransomware groups were responsible for $1.5 billion in payments during the three-year period.

A Positive Trend, But No Time for Complacency

Experts say the drop in payments may indicate stronger cybersecurity practices, improved reporting, and increased global pressure on ransomware gangs. However, with the number of attacks staying nearly the same, the threat landscape remains severe.

FinCEN and cybersecurity authorities continue urging organizations to harden their defenses, improve incident response plans, and avoid paying ransoms — a factor that could help sustain the downward trend.