The FBI will report that ransomware is the most prevalent cybersecurity threat to critical infrastructure in the U.S. in 2024.
As Reuters Complaints about ransomware attacks in key sectors increased by 9% over the previous year, the report said.
The annual report of the FBI Internet Crime Complaints Center (IC3) will show that manufacturing, healthcare, government facilities, financial services and it is the main critical infrastructure sector targeted by digital ransomers.
As the impact of ransomware is seen in production lines, paralyzing hospital systems and shutting down pipelines can have a significant impact on public health and security.
Therefore, ransomware attacks not only cause IT headaches, but also a potential national security crisis.
The unfortunate fact is that despite the many victories of law enforcement agencies, which undermined ransomware operations and brought certain responsible ransomware to justice, it was not yesterday’s issue.
Indeed, the FBI calculated that a record $16.6 billion was lost in 2024, a huge 33% loss from 2033 – blamed on ransomware and ransomware-related fraud.
Apparently, cybercrime gangs are making money with unprecedented profits.
I hate it sounds like a broken record, but it’s not news for us.
Remember the colonial pipeline ransomware attack in May 2021? The incident forced the largest fuel pipeline on the U.S. East Coast to close, causing gas shortages and panic purchases in the pump. The incident even prompted President Joe Biden to sign an executive order calling on critical infrastructure industries to strengthen their cybersecurity.
Then there was a ransomware attack on JBS, the world’s largest meat supplier, which caused the meat supply chain to stop wear and tear and eventually led to the company paying Revil Ransomware Gang $11 million.
Fast forward to 2025, as ransomware attacks on critical infrastructure companies and organizations continue to capture the headlines – a sign that security gaps tend to remain.
Police forces and investigators have made some international efforts, but ransomware rackets are still alive.
Obviously, organizations need to do better. Critical infrastructure companies need to view cybersecurity as a critical mission, share meaningful information about threats, and take steps to keep their systems free of attacks.
Otherwise, we’ll be back here next year, report a surge and ask again, and things will get better at that time.
Editor’s Note: The opinions expressed in this article and other guest authors’ articles are only the opinions of the contributor and do not necessarily reflect the opinions of Tripwire.
