The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during 2024.
As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year.
The annual report from the FBI’s Internet Crime Complaint Center (IC3) will reveal that the likes of manufacturing, healthcare, government facilities, financial services and IT were the top critical infrastructure sectors targeted by digital extortionists.
With ransomware bringing production lines to a standstill, crippling hospital systems, and shutting down pipelines, there could be significant impacts on public health and safety.
As such, ransomware attacks don’t just make for an IT headache; they are a potential national security crisis.
The unfortunate truth is that although law enforcement agencies have scored a number of wins, disrupting ransomware operations and bringing to justice some of those responsible, ransomware is not yesterday’s problem.
Indeed, the FBI has calculated that a record US $16.6 billion was lost to cybercrime in 2024, a colossal 33% jump from 2023 – with much of the blame falling to ransomware and ransomware-related fraud.
It is clear that cybercriminal gangs are raking in profits like never before.
I hate to sound like a broken record, but none of this should be news to us.
Remember the Colonial Pipeline ransomware attack back in May 2021? That incident forced the shutdown of the largest fuel pipeline on the US East Coast, causing gas shortages and panic buying at the pumps. That incident even prompted President Joe Biden to sign an executive order calling on critical infrastructure industries to bolster their cybersecurity.
And then there was the ransomware attack on the world’s biggest meat supplier, JBS, which caused the meat supply chain to grind to a halt and ultimately resulted in the company paying US $11 million to the REvil ransomware gang.
Fast forward to 2025, and ransomware attacks against critical infrastructure companies and organisations continue to grab the headlines – suggesting that all too often security gaps remain.
Action by police forces and investigators internationally has landed some punches, but the ransomware racket remains alive and well.
Clearly, organisations need to do better. Critical infrastructure firms need to treat cybersecurity as mission-critical, share meaningful information about threats, and take steps to harden their systems from attack.
Otherwise, we’ll be back here next year, reporting another surge and asking, yet again, when on earth things will begin to get better.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.