A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware.
The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period.
Yes, that number is enormous - but it hides a more interesting story beneath it: that after peaking in 2023, ransomware payments actually started to decline.
In 2023 alone, ransomware victims paid a reported US $1.1 billion in ransoms to their extortionists - the highest annual figure ever recorded by FinCEN, and more than 2022 and 2024 combined.
Yet, by 2024 something had changed. Total ransom payments fell dramatically, by 33%, to around US $734 million, and the number of reported incidents also fell slightly. After a wave of ransomware attacks that has grown relentlessly for more than a decade, any downturn has to be considered an unexpected (and welcome) development.
FinCEN's report suggests that one major factor is increased pressure from multi-national law enforcement agencies, which have managed to disrupt and dismantle the infrastructure used by notorious criminal gangs such as LockBit, BlackCat/ALPHV, and Hive.
With their servers and channels for payment taken down by the authorities, the revenue for the ransomware gangs dries up. So, if you were ever wondering whether law enforcement agencies' operations against ransomware gangs make a real difference - the numbers suggest that they do.
The report from FinCEN also reveals which sectors are suffering the most. Manufacturing tops the list in terms of the sheer number of attacks, followed by financial services and healthcare. But when measured by total payments, financial services leads - likely because banks and investment firms typically hold more sensitive data.
Cyber-criminals continue to focus their attention on organizations that cannot afford to be offline and are therefore more inclined to pay a ransom quickly.
For organizations seeking to learn from the report, the fundamentals remain the most important. Regular offline backups, tested recovery plans, strong authentication, and timely software updates continue to be the most effective ways to protect companies.
FinCEN’s data also makes clear that many corporate victims of ransomware still delay reporting attacks or choose not to report them at all. It should be remembered that greater transparency benefits everyone by making it easier to track trends and identify the criminal groups that cause the most harm.
Ransomware is still a multi-billion-dollar problem, and it would be a mistake to view the 2024 dip as a permanent decline. But FinCEN’s analysis shows that the ransomware economy can be disrupted, and that repeated action by law enforcement can have a noticeable impact.
If businesses continue to strengthen their defenses and report attacks promptly, they can help ensure that ransomware takes a further downward path and, hopefully, deny cyber-criminals the easy profits they’ve relied on for far too long.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.