IC3 report chart

IC3 report stats

The number of people who reported ransomware infections to US authorities has gone down last year, according to a yearly FBI Internet crime report.

During 2017, the FBI says it received only 1,783 complaints regarding ransomware infections, a number far smaller than the 2,673 complaints it received in 2016, and the 2,453 complaints received in 2015.

The number is surprisingly low because ransomware was the threat of the year in 2017, with many ransomware strains active all last year, including three global ransomware outbreaks that also made victims in the US.

Complaints received by the IC3
2014 2015 2016 2017
1,402 2,453 2,673 1,783

Ransomware was the 24th most report cybercrime in the US

The 1,783 complaints ranked ransomware the 24th most reported cyber-crime in the US. Based on reports received by the FBI's Internet Crime Complaint Center (IC3), victims said ransomware caused total damages of $2,344,365, also ranked 24th.

What these numbers show is that victims are (still) not reporting ransomware infections to law enforcement officials, opting in most cases to pay ransoms, restore from backups, or reinstall PCs without filing a complaint.

The FBI has urged victims to report ransomware infections to the IC3, so agents have the legal baseline to go after ransomware authors and get an overview of this crime's impact.

As we wrote in an article last year, "the discrepancy between FBI and private sector reports is a big issue with authorities since they use these complaints to get an overall view of today's cyber-crime landscape."

With BEC scams, non-delivery complaints, and data breach complaints remaining prevalent, the FBI is more likely to allot more agents to go after these cyber-crimes instead of hunting down ransomware scum.

On the record: The FBI does not support paying a ransom

"In all cases [of ransomware infections] the FBI encourages organizations to contact a local FBI field office immediately to report a ransomware event and request assistance," the FBI says. "

"The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom.

"Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved," the Agency said. "While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."

More details about the currency cyber-crime trends are available in the FBI's 2017 Internet Crime Report.

Related Articles:

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - December 14th 2018 - Slow Week

Company Pretends to Decrypt Ransomware But Just Pays Ransom

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

Ransomware Infects 100K PCs in China, Demands WeChat Payment