The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Complaint Report, which shows record-breaking losses to cybercrime in 2024. While the number of complaints fell slightly year-over-year, losses to cybercrime increased by a staggering 33% to $16.6 billion, smashing the previous record set in 2023. The bulk of those losses (83%) were the result of cyber-related fraud, which accounted for 38% of complaints. In total, IC3 received 859,532 cybercrime complaints in 2024, of which 256,256 complaints involved actual losses. The average loss was $19,372.
The most common reason for complaints was phishing/spoofing, with 193,407 complaints, followed by extortion (86,415), and personal data breaches (64,882). In terms of losses, investment fraud topped the list with reported losses of $6.57 billion, up from $6.5 billion in 2023, followed by business email compromise losses of $2.77 billion, which fell slightly from the $2.9 billion in reported losses in 2023. At least $1.46 billion was lost to tech support scams in 2024, and $4.45 billion was lost to personal data breaches. Individuals over 60 years of age suffered more losses than any other age group, at almost $4.8 billion.
Ransomware gangs were highly active last year, with complaints about ransomware attacks increasing by 11.7% from 2,825 in 2023 to 3,156 in 2024. Ransomware posed the most significant threat to critical infrastructure entities, with complaints about ransomware attacks up 9% from the previous year. IC3 received 238 reports of ransomware attacks by healthcare and public health (HPH) sector entities in 2024, and 206 reports about data breaches. Given that more than 700 data breaches were reported to the HHS’ Office for Civil Rights in 2024, it is clear that only a relatively small percentage of healthcare organizations report data breaches to IC3.
Complaints and Losses to Cybercrime in 2024. Source: IC3
The reported losses from ransomware attacks were only $12.47 million, a significant decline from the $59.6 billion in ransomware losses reported in 2023. Those losses do not include lost business, time, wages, files, equipment, and reputation damage, which make up the bulk of losses, plus the losses are only based on what was reported to the FBI via IC3, with the figures not accounting for direct reports of losses to local FBI field offices. Further, many victims of cybercrime fail to report incidents to the FBI. The IC3 report ties in with reports from firms such as Coveware and Chainalysis, which both report declining ransom payments. The latter reported a 35% fall in ransom payments in 2024 in its February 2024 report.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
With fewer victims paying ransoms, ransomware attacks are becoming less profitable for cybercriminals, who have responded by conducting attacks in higher volume. Several cybersecurity firms have reported record-breaking numbers of attacks in 2025. Two of the most active ransomware groups either shut down or faced significant disruption by law enforcement in 2024, the effect of which has been a fragmentation of the ransomware landscape. The FBI tracked 67 new ransomware groups in 2024, the most active of which were Fog and Lynx. Based on the number of complaints, the top five ransomware groups were Akira, LockBit, RansomHub, Fog, and Play.
The top five U.S. states for complaints and losses were California, Texas, Florida, and New York, which stands to reason, as they are the most populous states. There were 96,265 complaints from California and $2.539 billion in losses, 62,347 complaints from Texas and $1.352 billion in losses, 52,191 complaints from Florida and $1.072 billion in losses, and 36,468 complaints from New York and $904 million in losses.
Click Here For The Original Source.
