Ransomware attacks are rarely being reported to the FBI, new data shows

An absurdly small number of companies affected by ransomware reported the incidents to the feds last year, newly released FBI data shows.
SamSam ransomware

An absurdly small number of companies affected by ransomware reported the incidents to the federal government last year, newly released FBI data shows.

While more than a third of all ransomware infections occurred in the U.S. last year, according to U.S. cybersecurity firm Symantec, the FBI’s Internet Crime Complaint Center (IC3) only “received 2,673 complaints identified as ransomware” in 2016 amounting to “losses of over $2.4 million,” according to a new report.

Current private sector estimates for total ransomware losses in 2016 alone exceeded $100 million, said Vincent Weafer, vice president of McAfee Labs, and that’s “likely on the conservative side.”

Verizon also found that ransomware infections were up 50 percent from 2015 to 2016. And McAfee saw more than 9 million cases of ransomware during the same time period.


“One of the biggest problems with prosecuting ransomware is the recalcitrance of organizations and people in reporting they were hacked,” said John Bambenek, a threat intelligence manager with Fidelis Cybersecurity. “Companies in particular are paranoid to report they have been hit with ransomware.”

The fact that very few victims of ransomware are willing to proactively reach out to U.S. law enforcement is not especially surprising or a new problem for the FBI. But the discrepancy between the FBI’s visibility into this issue when compared with the cybersecurity industry’s understanding of it is noteworthy.

Via 2016 IC3 report

“While [a victim of ransomware] may keep the infection swept under the rug, we don’t have some of the most basic data to investigate and prosecute these crimes which perpetuates the entire system,” said Bambenek, who has worked with the FBI in the past.

Though the bureau’s figures may be low, global ransomware antivirus detections in fact rose by 36 percent year-over-year to approximately 1,270 detections per day in 2016, according to Symantec.


New ransomware families discovered more than tripled from 30 in 2015 to 101 in 2016.

A growth in the number of ransomware variants helps to underscore just how popular the scheme has recently become. In most cases, ransomware is spread through phishing emails, security experts say.

Via 2016 IC3 report

There may be an explanation for why the FBI’s figures appear to be off.

“Only an estimated 15 percent of the nation’s fraud victims report their crimes to law enforcement,”an FBI spokesperson said. “This 15 percent figure is just a subset of the victims worldwide.”


The IC3 acts as a central platform for internet users to report cybercrime-related activity to U.S. law enforcement.

The organization’s aforementioned report does not include direct, one-on-one interactions between the FBI and ransomware victims that privately communicated with, for example, an FBI field office — meaning that there are likely other victims, beyond the IC3’s purview, that the bureau knows about. 

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts