-
The FBI’s Internet Crime Complaint Center (IC3) surprisingly received over 3,600 complaints related to ransomware in 2025, with the losses from these attacks going above $32 million.
-
Some of the targets were critical infrastructure organizations like healthcare providers, government agencies, and many others.
-
The FBI is imploring organizations not to pay these attackers the ransom they demand but instead should focus on achieving cyber resilience practices like secure backups, patch management, etc.
Ransomware attacks are one of the disruptive cyber threats that face organizations in the United States. The authorities saw reports of thousands of incidents during the first half of 2025.
In a public advisory, the FBI’s Philadelphia Field Office warned that ransomware operators have not stopped targeting organizations whose duties are to provide essential services to citizens. And this is creating more risks than just the financial losses because they affect public safety & operational continuity.
FBI Warns that Ransomware Continues to Threaten Critical Infrastructure
According to what the FBI revealed, many organizations made more than 3,600 ransomware complaints to its “Internet Crime Complaint Center (IC3)” arm in 2025, and those who fell victim of these attacks lost more than $32 million.
These figures are just from the attacks that the victims actually reported to federal authorities. But according to experts in cybersecurity, the actual losses will be way higher than that because many organizations don’t report such things when they happen.
The warning shows that the authorities are concerned about the attacks that bad actors are carrying out on critical infrastructure sectors and how to secure them.
The infrastructures under their radar include healthcare, the manufacturing sector, companies in transportation, and those in the energy sector. Also, organizations rendering emergency services, and those in charge of many government operations, are also their prime targets.
The alarming aspect is that these organizations are usually in charge of systems that make sure the daily economic activity plus public services are working efficiently.
Due to their sensitive activities, they are now very attractive targets for cybercriminal groups that aim to achieve their nefarious goals by disrupting their operations.
Federal authorities say ransomware has continued to be the best tool for cybercriminals to carry out cyber extortion because they can lock systems with encryption, grab sensitive data, & threaten the owners of a public disclosure if they refuse to pay all at the same time.
Criminal Groups Continue to Evolve Ransomware Tactics
The FBI notes that ransomware attacks have now entered a sophisticated stage because these cybercriminal organizations are running it as a business.
Many of the threat groups that are active today operate using the ransomware-as-a-service (RaaS) model, where different developers create & manage malware platforms and allow affiliates to use the tools to carry out intrusions and attack their victims.
This model has made it very easy for anyone to carry out a cybercrime and has increased the number of bad actors who have the capability to launch a large-scale ransomware attack. There is no need for high tech knowledge anymore because the tools are already at their disposal.
Notably, these attackers will first gain initial access via phishing emails and credentials they stole from the victims. In some cases, they exploit software vulnerabilities, remote access services, and third-party vendors whose credentials provide access to larger organizations.
Once inside the target network, threat actors move laterally and identify high-value systems within the organization.
Through these systems, they can move or transfer sensitive data and use encryption tools to lock organizations out, disrupting operations and demanding ransom.
In recent years, threat actors have adopted double-extortion tactics, stealing data and encrypting systems to pressure victims into paying quickly.
The consequences of these attacks can be severe for those involved. A Latvian man was recently sentenced for his role in major ransomware attacks on global firms, showing that perpetrators face legal consequences.
The reason critical infrastructure operators remain mostly vulnerable is because once there is an outage in their operations, it could quickly affect many of their customers, their employees, and most of all the public services.
Imagine where hospitals start experiencing delays in patient care, or manufacturers facing shut downs in production. What about municipal governments that might lose access to those administrative systems that are essential to their work.
Federal agencies continue to warn about ransomware attacks, as they have evolved beyond being solely an IT issue. They increasingly pose a major challenge to operational and business continuity, with the potential to impact an entire organization.
FBI Shares the Measures to Prevent these Attacks
As threat actors strengthen their tactics and target critical sectors, the FBI recommends preventing attacks, strengthening systems. Also improving recovery of data and operations after incidents.
Among other key things the agency recommended to prevent these attacks are:
- Making sure that operating systems, applications, plus software that the organizations use are up to date.
- Setting anti-virus & anti-malware solutions to update automatically & carry out scans regularly to know when there is a breach.
- Regularly back up critical operational data and ensure backup processes complete successfully every time.
- Secure backup systems by isolating them from accessible networks and storing them in segregated environments.
- Investing in the development and regular testing of business continuity plans and incident response plans.
Cybersecurity experts prefer offline & immutable backups as a very effective defense against data losses stemming from ransomware attacks.
In fact the FBI discourages the organization from paying the demands and according to their statement, “Paying a ransom doesn’t guarantee you or your organization will get any data back.”
The agency encourages victims to promptly report ransomware incidents through local field offices and the Internet Crime Complaint Center (IC3).
Apart from the best practices above, organizations can also leverage government resources. To help organizations strengthen their defenses, the FBI urges network defenders to use resources published through the StopRansomware initiative.
The program releases threat advisories that expose ransomware variants regularly. It also provides details on threat actor activities, indicators of compromise (IOCs), and observed tactics, techniques, and procedures (TTPs).
Authorities design these advisories to help organizations identify ransomware threats and prevent them before they disrupt operations.
