- The FBI’s 2025 Internet Crime Report shows $17.6 billion stolen a year
- Cyber-enabled fraud and investment fraud caused the biggest losses
- Ransomware targets hospitals, schools and critical infrastructure indiscriminately
The FBI has criticized cybercriminals for carrying out indiscriminate attacks against some of the most vulnerable elements of society, including schools and hospitals.
The US law enforcement agency released its annual 2025 Internet Crime Complaint Center (ICR) report, which provides a snapshot of criminal activities, their impact on citizens and their efforts to combat the threat.
And according to the report, cybercriminals stole a shocking $17.6 billion by 2025 — mostly through fraud and fraud.
The article continues below
Fraud hits new heights
Cyber-enabled fraud, where crooks trick people into giving away money, data, identities, or dupe them into buying counterfeit goods and services, accounts for nearly 85% of all losses. At the same time, cyber-enabled fraud accounted for less than half (45%) of all complaints IC3 received last year (1,008,597 in total).
This means that the biggest losses on average are cyber-enabled fraud.
Investment scams, in which victims are tricked into “investing” their money in fake cryptocurrency exchanges and in crypto tokens that either increase incredibly quickly in value or offer high returns for effort, were the second largest type of attack.
Here, victims lost 8.6 billion dollars last year. In third place is Business Email Compromise (BEC), where criminals break into a manager’s email account and order their employees to quietly make a wire transfer.
Targeted hospitals
But the biggest shame of cybercrime isn’t the money the criminals take – it’s the people they take it from. Hospitals, schools, emergency personnel and city authorities, to name a few.
During a presentation of the findings, Cyber Division’s section chief Taushiana Bright said that there has been an increase in the number of ransomware variants circulating online today. Currently, IC3 is investigating more than 200 variants, actors and activators, of which 63 were identified last year.
“Cybercriminals have indiscriminately attacked hospitals, emergency workers, schools and entire city governments. I can’t think of anything that is off-limits to them,” Bright said.
In total, IC3 received 3,611 complaints, resulting in $32 million in losses. This is up from 3,156 complaints in 2024, when $12 million was lost. While this may not sound like much, IC3 emphasizes that many ransomware attacks still go unreported to the authorities. In fact, some are also reported at a later date.
Affects critical infrastructure
Critical infrastructure and its 16 sectors critical to national security, economic stability and public health continue to face sustained ransomware pressure, the report found. These attacks have disproportionately affected these sectors, with IC3 recording at least 655 ransomware incidents affecting organizations within these sectors.
These incidents resulted in more than $261 million in reported losses, although the report cautions that the real financial impact is likely to be significantly greater due to undetermined costs such as downtime and remediation. Authorities were able to freeze approximately $146 million linked to these cases, reflecting a partial but meaningful response.
There used to be a time when even cybercriminals had a code of conduct. During the Covid years, ransomware operators DarkSide and LockBit specifically instructed their affiliates not to target hospitals, and LockBit even publicly disowned an affiliate after hitting Toronto’s SickKids Children’s Hospital.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
