Search
Choose a style
Dark
Light
Time to read: 3 min

FinCEN says Bitcoin used in 97% of US ransomware attacks

Computer hacker.
Editorial credit: ozrimoz / Shutterstock

New FinCEN data shows Bitcoin accounted for 97% of reported ransomware payments between 2022 and 2024. 

The US Financial Crimes Enforcement Network (FinCEN) has revealed Bitcoin remains overwhelmingly the most-used method for ransomware payments, accounting for nearly all transactions reported under the Bank Secrecy Act (BSA) between 2022 and 2024.

The report, published on December 4 2025,  found ransomware incidents peaked in 2023 with 1,512 attacks, totalling roughly $1.1bn in payments,  a 77% increase from 2022. After law enforcement disrupted high-profile groups such as ALPHV/BlackCat and LockBit, incidents fell slightly in 2024 to 1,476, with payments dropping to about $734m.

Financial services, manufacturing, and healthcare were the most targeted industries, accounting for nearly $1bn in reported payments over the three years. 

FinCEN identified 267 ransomware variants in BSA data, with ALPHV/BlackCat and Akira among the most common. Threat actors mostly communicated via The Onion Router, followed by email and encrypted messaging apps. Median payments ranged from $124,000 in 2022 to $175,000 in 2023, before falling to $155,000 in 2024.

FinCEN believes the report shows the important role financial institutions play in spotting and reporting suspicious activity, including filing suspicious activity reports (SARs) when ransomware payments are involved. 

The agency also recommends tracking threat indicators in monitoring systems and contacting law enforcement when dealing with potentially sanctioned actors.

Trump’s view of digital assets

The report comes as the US government increasingly favours digital assets. Americans could soon pay federal taxes in Bitcoin after Republican Representative Warren Davidson introduced the Bitcoin for America Act in November 2025. 

The bill would direct payments to the Strategic Bitcoin Reserve, created by Trump earlier this year.

Davidson said the legislation aims to strengthen the US economy and cement the country as a leader in digital asset adoption. The shift has also influenced banks, with JPMorgan Chase recently revealing it would allow clients to buy Bitcoin, despite CEO Jamie Dimon’s personal skepticism.

This reflects a significant shift from President Joe Biden’s administration, which treated crypto exchanges as key choke points for ransomware, sanctioning platforms such as Suex OTC for enabling illegal payments. 

Whereas under Trump, enforcement focuses more on individuals committing crimes, giving exchanges more room to operate.

Crypto companies remain vulnerable

The Trump administration’s decision not to target crypto exchanges directly may now seem wise, as these platforms can also be targets for hackers. While exchanges were criticised under the previous administration for allowing illicit payments, attacks like the recent Bybit hack show the platforms themselves face serious risks.

In February 2025, Bybit suffered a $1.4bn hack, the largest ever on a crypto exchange. The suspected hacker, Lazarus Group, is linked to North Korea and has been involved in many major attacks over the past decade, the 2017 WannaCry ransomware campaign, which used Bitcoin for payments.

Bybit CEO, Ben Zhou, revealed 70% of all customer ETH was stolen, leading to the company having to secure a loan to be able to process the surging amount of withdrawals which were being requested following the news of the hack. 

Subscribe to our newsletter