Source: Federal Bureau of Investigation FBI Crime News (b)
Highlights Private Sector Partnerships and Importance of Reporting
As ransomware threats continue to evolve and disrupt critical services across the country, the FBI San Francisco Field Office is reinforcing its message to businesses and infrastructure partners: strong collaboration and timely reporting are essential to protecting U.S. networks.
While participating in the RSA Cybersecurity Conference at the Moscone Center through May 1, 2025, FBI San Francisco is engaging cybersecurity professionals and industry leaders to strengthen partnerships and share information on the state of the cyber threat landscape.
“Our cyber strategy is focused on disrupting adversaries, building trusted partnerships, and removing threats from U.S. networks before they cause harm,” said FBI San Francisco Special Agent in Charge Sanjay Virmani. “We are proactively engaging not only major corporations but also small and mid-sized companies that form the bedrock of our economy.”
Ransomware Threat Landscape
The ransomware threat today is immense—measured by the amount of financial losses, the number of active variants, and the increasing sophistication of attacks. Ransomware is malicious software designed to infect a computer or server, encrypt its contents, and demand a ransom payment in exchange for a decryption key.
These attacks are often carried out by complex networks of criminal developers, affiliates, and service providers. Ransomware operations continue to adapt, emphasizing operational security and using layered tactics to extort victims. A growing trend is data theft and victim extortion without encryption, where criminals demand payment to avoid leaking sensitive or proprietary information—even when the victim has reliable backups.
Criminal groups are also resorting to harassment tactics, including contacting employees or customers directly to pressure organizations into paying.
According to the FBI’s Internet Crime Complaint Center (IC3):
- In 2024, cyber incidents and internet-enabled frauds cost victims more than $16.6 billion.
- IC3 received over 3,100 ransomware complaints in 2024—an increase of nearly 12% over the prior year.
- IC3 received over 86,000 extortion complaints in 2024—an increase of nearly 79% over the prior year.
- Ransomware remains the most persistent cyber threat to critical infrastructure, with complaints rising 9% from 2023.
- In 2024, 14 of the 16 U.S. critical infrastructure sectors experienced ransomware att
From 2022 to 2024, IC3 received ransomware complaints totaling more than $106 million in reported losses—though the actual impact is likely higher, as many incidents are never reported.
FBI Strategy: Disrupt, Partner, Protect
The FBI’s cyber strategy focuses on disrupting cybercriminal infrastructure, building enduring partnerships, and making it harder and costlier for adversaries to succeed. The FBI targets the key services ransomware groups rely on: digital infrastructure, tools, communications, and money.
By combining the capabilities of domestic and international partners and imposing costs on cybercriminals, including seizing illicit funds, the FBI is taking proactive steps to degrade their operations and reduce future attacks. This work requires help from the public and private sectors alike.
“Together, we can dismantle these operations and protect the systems Americans rely on,” Virmani added. “But we can only do it if incidents are reported. If we don’t know it happened, we can’t act—and we can’t stop the next one.”
Reporting To The FBI
Despite the growing number of attacks, the FBI continues to face challenges with underreporting. After the FBI gained visibility into a major ransomware group’s infrastructure, investigators found that only about 20% of that group’s U.S. victims had reported the attack to law enforcement—a pattern consistent across multiple operations.
Organizations may avoid reporting due to reputational concerns, quick internal recovery, or payment decisions. However, reporting cyberattacks helps the FBI track evolving threats, identify patterns, and support victims.
The FBI urges victims of cyber incidents to report as soon as possible through the Internet Crime Complaint Center at www.ic3.gov. Prompt reporting allows FBI cyber squads to assess threats, provide appropriate assistance, and minimize disruption.