Ransomware attacks in the United States escalated significantly in 2023, resulting in financial losses totaling $59.6 million, marking a substantial 74% increase from the previous year’s reported losses of $34.4 million, as per the FBI’s Internet Crime Report 2023.
This staggering figure was derived from 2,825 reported ransomware incidents to the FBI throughout the year, showcasing an 18% surge compared to 2022.
The FBI noted that the actual financial toll is likely much higher due to underreporting of ransomware infections.
For instance, when the FBI penetrated the Hive group’s infrastructure in 2023, it discovered that only a mere 20% of Hive’s victims had reported the attacks to law enforcement.
The agency attributed this surge to threat actors adapting their strategies, including employing multiple ransomware variants against a single target and resorting to data destruction to intensify pressure on victims for negotiation.
Critical infrastructure organizations submitted 1,193 complaints of ransomware attacks to the FBI’s Internet Crime Complaint Center (IC3). Healthcare emerged as the most impacted sector, with 249 reported incidents, followed by critical manufacturing (218) and government facilities (156).
The predominant ransomware variant affecting critical infrastructure in 2023 was LockBit (175 incidents), trailed by ALPHV/BlackCat (100), Akira (95), Royal (63), and Black Basta (41).
In February 2024, global law enforcement efforts reportedly dismantled LockBit’s infrastructure.
Investment Fraud Tops the Charts in Financial Losses
For the second consecutive year, investment fraud retained its position as the costliest form of internet crime tracked by IC3, with losses soaring from $3.31 billion in 2022 to $4.57 billion in 2023.
Following closely behind was business email compromise (BEC), which resulted in $2.9 billion in losses across 21,489 complaints, a slight uptick from the estimated $2.7 billion losses in 2022.
Tech/customer support and government impersonation scams ranked third, causing over $1.3 billion in losses. These scams, typically originating from call centers, predominantly targeted older adults, with 40% of complainants aged over 60 and accounting for 58% of the total losses.
Phishing retained its status as the most frequently reported internet crime, with nearly 300,000 complaints, a marginal decrease from 2022. This was followed by personal data breaches, with 55,851 complaints.
Overall, the FBI received 880,418 internet crime complaints in 2023, marking a 10% increase compared to 2022. Estimated losses surged by 22% during the same period, from $10.3 billion in 2022 to $12.5 billion in 2023.