FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Posted on by

A record $16.6bn in cybercrime losses was reported to the FBI’s Internet Crime Complaint Center (IC3) in 2024.

This “staggering” amount represents a 33% rise compared to recorded losses in 2023, according to the IC3 Internet Crime Report 2024.

The bulk of these losses were as a result of cyber-enabled fraud – scams that use the internet for various nefarious purposes, including theft of money, data or identity, or the creation of counterfeit goods or services.

Cyber-enabled fraud made up 38% of complaints to IC3 and 83% of recorded losses, at $13.7bn, in 2024.

Investment fraud was the most costly type of internet crime recorded by the FBI for the third year running, at $6.5bn. This represents a significant increase from $4.5bn in 2023.

This was followed by business email compromise (BEC), at $2.7bn. This is a small decline compared to 2023, when there were $2.9bn in BEC losses recorded.

The next most costly types of internet crime in 2024 were tech support scams, at $1.4bn, and personal data breaches, at $1.4bn.

Read now: US Data Breach Victim Count Surges 26% Annually

“These rising losses are even more concerning because last year, the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed,” the FBI said.

Ransomware Attacks Grow, But Losses Plummet

Ransomware attack reports to the FBI totalled 3156 in 2024, up from 2825 in 2023.

The FBI also found that ransomware was the most pervasive threat to critical infrastructure in 2024, with complaints rising 9% from 2023.

Despite this, reported losses from ransomware fell substantially compared to 2023, from $59.6bn to $12.4bn.

These figures correspond with other research on ransomware published recently.

In February 2025, Chainalysis found that ransomware payments fell 35% in 2024.

Additionally, in April, Blackfog revealed that while Q1 2025 was a record-breaking quarter for disclosed ransomware attacks, victims are increasingly resisting payment demands.

Possible reasons for this include improved cyber resiliency, enabling organizations to explore multiple options to recover from an attack before considering paying a ransom.

Another explanation is numerous law enforcement actions disrupting high profile groups like LockBit last year, creating a more fragmented ransomware ecosystem made up of smaller groups and lone wolf actors. This means there has been a shift in focus from high-value “big-game” targets to smaller organizations.

The FBI said it had recognized 67 new ransomware variants in 2024, the most reported of which were Fog, Lynx, Cicada 3301, Dragonforce and Frag.