Cybercriminals attack schools and hospitals with alarming regularity, according to the FBI’s 2024 Internet Crime Complaint Center (IC3) report, which documents record losses and an expanding target list that now includes virtually every sector of critical infrastructure. The FBI’s official assessment is blunt: “I can’t think of anything that’s off limits to them.” This assessment reflects a year in which American victims reported $16.6 billion in losses to cybercriminals—a new record despite the agency’s most aggressive enforcement actions in years.
Key Takeaways
- 2024 cybercrime losses reached $16.6 billion, a record high driven primarily by fraud
- Ransomware complaints rose 9% from 2023, with hospitals and schools as primary targets
- The FBI disrupted LockBit ransomware group and distributed decryption keys saving victims over $800 million since 2022
- People over 60 filed the most complaints and suffered the highest losses
- IC3 received over 2,000 complaints daily for the past five years, up from roughly 2,000 monthly when first established
Why Cybercriminals Attack Schools and Hospitals Without Fear
Schools and hospitals represent soft targets with minimal cybersecurity infrastructure and maximum pressure to pay ransoms quickly. When a hospital’s systems go down, lives are at stake. When a school district’s data is encrypted, administrators face impossible choices: pay the criminals or lose student records, financial data, and operational continuity. Ransomware complaints increased 9% from 2023 to 2024, cementing attacks on critical infrastructure as the top threat facing the nation.
The ransomware ecosystem has matured into a sophisticated criminal enterprise. Specialized variants now target specific sectors—Zeppelin ransomware, for example, has advanced from attacking hospitals and medical devices in the Bay Area to targeting larger businesses and corporations. These groups operate with impunity partly because cryptocurrency enables instant, irreversible global transfers. Once a victim pays in Bitcoin or another digital currency, the money disappears into the criminal underworld within seconds, making recovery nearly impossible.
What makes this threat acute is scale. The IC3 has received over 9 million complaints since its founding, and complaint volume has exploded—the center now processes more than 2,000 complaints daily, a staggering increase from its original monthly intake. This volume reflects not just more attacks, but more victims becoming aware they should report the crime.
FBI Disruptions Show Limited Impact on Losses
In 2024, the FBI executed its most visible enforcement action against ransomware operators: the disruption of LockBit, one of the world’s most active ransomware groups. The agency also seized critical domains used by ransomware operators—in February 2024, the FBI Boston field office seized www.warzone.ws and three additional domains to help identify ransomware variants and detect attacks on critical infrastructure.
The results, however, tell a sobering story. Despite these disruptions and thousands of decryption keys distributed to victims since 2022—which have prevented over $800 million in ransom payments—total losses still climbed to a record $16.6 billion. The adjusted losses attributed specifically to ransomware reached $9,322,335,911, though this figure excludes lost business, time, wages, damaged files, equipment replacement, and third-party remediation costs. Some entities report no measurable loss at all, suggesting the true economic damage is substantially higher.
The FBI’s Operation Level Up, executed in partnership with the private sector, has shut down fraud syndicates, scam call centers, illicit marketplaces, and botnets. Yet cybercriminals continue to adapt faster than law enforcement can disrupt them. For every LockBit taken offline, new variants emerge and new groups establish operations.
Older Adults Bear Disproportionate Losses
A demographic pattern emerges sharply from the 2024 data: people over 60 filed the most complaints and suffered the highest losses relative to other age groups. This reflects both the targeting strategies of scammers—who exploit trust and technical unfamiliarity—and the fact that older adults often control significant financial assets. Fraud, not ransomware, drives the bulk of the $16.6 billion total, and fraud schemes disproportionately prey on senior citizens through romance scams, investment fraud, and impersonation attacks.
This concentration of losses among older adults represents a failure of both cybersecurity education and victim support systems. While the FBI distributes decryption keys to ransomware victims, it cannot undo the emotional and financial devastation of a romance scam or the loss of a lifetime’s savings to investment fraud.
Why Cryptocurrency Enables the Crisis
Cryptocurrency’s decentralized, pseudonymous, and irreversible nature makes it the payment method of choice for cybercriminals. Unlike bank transfers, which can be traced and reversed, cryptocurrency transactions settle instantly and cannot be undone. A victim pays in Bitcoin, and within minutes the funds are tumbled through multiple wallets, converted to other cryptocurrencies, or withdrawn to cash. This architectural advantage—from the criminal’s perspective—has made ransomware and fraud economically viable at scale.
The FBI has limited tools to combat this. Blockchain analysis can track some transactions, but sophisticated criminals use mixers, tumblers, and decentralized exchanges to obscure the money trail. International jurisdiction compounds the problem: a ransomware group operating from Russia or Eastern Europe faces minimal legal risk, while their victims in the United States have no practical recourse.
What Comes Next
The 2024 IC3 report offers no indication that losses will decline in 2025. Ransomware groups continue to evolve, targeting new sectors and refining their tactics. Schools and hospitals remain attractive targets because they cannot easily migrate systems or go offline. Older adults remain vulnerable because social engineering exploits human psychology, not technical flaws.
The FBI’s enforcement actions matter, but they are fundamentally reactive. Until cybersecurity becomes a mandatory priority for critical infrastructure—with federal funding, standardized protocols, and real consequences for negligence—schools and hospitals will remain soft targets. Cryptocurrency regulation could slow the money flow, but international enforcement remains nearly impossible. The gap between the FBI’s ambitions and its actual impact widens each year.
How much money did ransomware cost victims in 2024?
Ransomware adjusted losses reached $9,322,335,911 in 2024, though this figure excludes indirect costs like lost business, wages, remediation, and equipment replacement. The total cybercrime loss figure of $16.6 billion includes fraud, which makes up the bulk of reported losses.
Which sectors face the highest ransomware risk?
Schools and hospitals face the highest ransomware risk because they cannot easily shut down operations and face intense pressure to pay quickly to restore critical services. Zeppelin ransomware has advanced from targeting hospitals and medical devices to attacking larger businesses and corporations.
What is the FBI doing to stop ransomware attacks on critical infrastructure?
The FBI disrupted LockBit in 2024, seized ransomware-related domains including www.warzone.ws to aid in variant identification, and distributed thousands of decryption keys since 2022 that have prevented over $800 million in ransom payments. The agency also runs Operation Level Up with private sector partners to shut down fraud syndicates and illicit marketplaces.
The 2024 IC3 report reveals a cybercrime landscape that has outpaced law enforcement’s ability to contain it. Record losses, escalating attacks on critical infrastructure, and the structural advantages of cryptocurrency-enabled crime suggest that 2025 will bring even higher numbers. The FBI’s disruptions matter tactically, but strategically, the criminals are winning.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar
