FBI Reports Sharp Increase in American Cybercrime Victims

WASHINGTON — The FBI’s new Internet Crime Report released last week shows Americans lost $16.6 billion to cybercrime in 2024 despite an intensified government effort to stop it.

The losses were up by one-third from a year earlier. 

Fraud was the most common crime, particularly among elderly persons. It accounted for 83% of the financial losses. Ransomware attacks also were up.

The report coincides with warnings from the FBI that U.S. infrastructure is vulnerable to foreign attacks from China, individual hackers and elsewhere.

The statistics were derived largely from reports to the FBI’s Internet Crime Complaint Center.

The losses could have been much worse without the government’s intervention, according to the FBI.

Part of the U.S. effort against cybercrime was directed at LockBit, a cybercriminal group that sells ransomware to its customers. The FBI cites it as the world’s largest cybercrime network.

Software developed by the group enables malicious actors to carry out attacks by encrypting a victim’s data and demanding a ransom before they will decrypt — or unlock — their computers. If the information is private, they also threaten to leak it publicly unless they receive their ransom payment.

International government agencies report that it was responsible for 44% of global ransomware incidents in 2023. In the United States, LockBit software forced victims to pay about $91 million between January 2020 and May 2023, according to U.S. government reports.

The FBI tried to counter the LockBit attacks by distributing thousands of decryption keys to ransomware victims. The agency says the keys have helped to avoid about $800 million in ransomware payments.

“Also in 2024, we worked proactively to prevent losses and minimize victim harm through private sector collaboration and initiatives like Operation Level Up,” B. Chad Yarbrough, operations director for criminal and cyber at the FBI, wrote in the Internet Crime Report 2024. The FBI describes Operation Level Up as a proactive approach to identify and notify potential victims of cryptocurrency investment fraud .

In addition to ransomware and fraudulent financial appeals, cybercrime also commonly includes viruses, malware, data breaches and Denial of Service attacks.

“We disbanded fraud and laundering syndicates, shut down scam call centers, shuttered illicit marketplaces, dissolved nefarious ‘botnets,’ and put hundreds of other actors behind bars,” Yarbrough wrote.

The Internet Crime Complaint Center received 263,455 cybercrime complaints last year, the FBI reported.

The top five states for losses to cybercriminals were California at $2.5 billion; Texas at $1.3 billion; Florida at $1.1 billion; New York at $904 million; and Illinois at $479 million. 

Common complaints came from operators of critical infrastructure, which also has raised alarms in Congress.

Critical infrastructure refers to systems vital to public health, safety, national security and the economy. It typically includes telecommunications, financial services, the defense industry, health care and data storage and processing.

One of the most famous cyberattacks on U.S. critical infrastructure was the 2021 Colonial Pipeline ransomware attack that caused a shortage of gasoline in 17 states for five days before the oil company operators paid a $4.4 million ransom. It was blamed on a Russian cybercrime group called Darkside.

In March, the House Committee on Homeland Security warned that cybercrime has moved beyond financial scams to espionage.

Cybersecurity witnesses at a hearing said the Chinese Communist Party, Russia and clandestine transnational groups were using sophisticated tactics to undermine U.S. national security. If they continue, they could infiltrate and eventually control critical infrastructure and defense supply chains, according to the witnesses. 

“Adding in the CCP’s crippling stranglehold on so many aspects of our supply chain and the result is a montage of domestic vulnerability of unacceptable proportions,” Bill Evanina, chief executive of the strategic risk advisory organization Evanina Group, told Congress.

You can reach us at [email protected] and follow us on Facebook and Twitter