This blog was written by Graham Cluley and originally published on Fortra Integrity and Compliance Monitoring’s blog. The opinions expressed in this post are solely those of the contributor.

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to U.S. critical infrastructure during 2024.

As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year.

The annual report from the FBI’s Internet Crime Complaint Center (IC3) will reveal that the likes of manufacturing, healthcare, government facilities, financial services and IT were the top critical infrastructure sectors targeted by digital extortionists.

With the impact of ransomware being seen in production lines grinding to a standstill, hospital systems crippled, and pipelines turned off, there could be significant impacts on public health and safety.

As such, ransomware attacks don’t just make for an IT headache; they are a potential national security crisis.

The unfortunate truth is that although law enforcement agencies have scored a number of wins, disrupting ransomware operations and bringing to justice some of those responsible, ransomware is not yesterday’s problem.

Indeed, the FBI has calculated that a record $16.6 billion was lost to cybercrime in 2024, a colossal 33% jump from 2023 — with much of the blame falling to ransomware and ransomware-related fraud.

It is clear that cybercriminal gangs are raking in profits like never before.

I hate to sound like a broken record, but none of this should be news to us.

Remember the Colonial Pipeline ransomware attack back in May 2021? That incident forced the shutdown of the largest fuel pipeline on the U.S. East Coast, causing gas shortages and panic buying at the pumps. It even prompted President Joe Biden to sign an executive order calling on critical infrastructure industries to bolster their cybersecurity.

And then there was the ransomware attack on the world’s biggest meat supplier, JBS, which caused the meat supply chain to grind to a halt and ultimately resulted in the company paying $11 million to the REvil ransomware gang.

Fast forward to 2025, and ransomware attacks against critical infrastructure companies and organizations continue to grab the headlines, suggesting that all too often security gaps remain.

Action by police forces and investigators internationally has landed some punches, but the ransomware racket remains alive and well.

Clearly, organizations need to do better. Critical infrastructure firms need to treat cybersecurity as mission-critical, share meaningful information about threats, and take steps to harden their systems from attack.

Otherwise, we’ll be back here next year, reporting another surge and asking, yet again, when on earth things will begin to get better.


Fortra's Alert Logic Staff