- FBI’s 2025 Internet Crime Report Shows $17.6 Billion Stolen in Year
- Cyber fraud and investment scams caused the biggest losses
- Ransomware indiscriminately affects hospitals, schools and critical infrastructures
The FBI has criticized cybercriminals for carrying out indiscriminate attacks against some of the most vulnerable elements of society, including schools and hospitals.
The US law enforcement agency presented its annual Internet Crime Complaint Center (ICR) report for 2025, providing a snapshot of criminal activities, their effects on citizens and their efforts to combat the threat.
And according to the report, cybercriminals stole a staggering $17.6 billion in 2025, mostly through scams and fraud.
Article continues below.
Fraud reaches new highs
Cyber fraud, in which criminals trick people into revealing money, data, identities or are tricked into purchasing counterfeit goods and services, accounts for nearly 85% of all losses. At the same time, cyber fraud accounted for less than half (45%) of all complaints IC3 received last year (1,008,597 in total).
This means that the largest losses, on average, occur in cyber fraud.
Investment fraud, in which victims are tricked into “investing” their money in fake cryptocurrency exchanges and crypto tokens that appreciate incredibly quickly or offer high returns for staking, was the second largest type of attack.
Here, victims lost $8.6 billion last year. Third is Business Email Compromise (BEC), where criminals break into an executive’s email account and order their employees to silently make a wire transfer.
Go to hospitals
But the greatest shame of cybercrime is not in the money that criminals take, but from whom they take it. Hospitals, schools, emergency services and city government agencies, to name a few.
During a presentation of the findings, Cyber Division section chief Taushiana Bright said there has been an increase in the number of ransomware variants circulating online today. At the moment, IC3 is investigating more than 200 variants, actors and facilitators, 63 of which were identified last year.
“Cybercriminals have indiscriminately attacked hospitals, emergency services, schools and entire city governments. I can’t think of anything that is beyond their reach,” Bright said.
In total, IC3 received 3,611 complaints, resulting in losses of $32 million. This represents an increase from the 3,156 complaints in 2024, when $12 million was lost. While this may not seem like much, the IC3 emphasizes that many ransomware attacks are still not reported to authorities. Truth be told, some are also reported at a later date.
Hitting critical infrastructure
Critical infrastructure and its 16 sectors that are essential to national security, economic stability and public health continue to face sustained ransomware pressure, according to the report. These attacks have disproportionately impacted these sectors, with IC3 recording at least 655 ransomware incidents affecting organizations within these sectors.
Those incidents resulted in more than $261 million in reported losses, although the report warns that the actual financial impact is likely significantly higher due to unaccounted for costs such as downtime and remediation. Authorities were able to freeze approximately $146 million linked to these cases, reflecting a partial but significant response.
There was a time when even cybercriminals had a code of conduct. During the Covid years, ransomware operators DarkSide and LockBit specifically instructed their affiliates not to attack hospitals, and LockBit even publicly disavowed an affiliate after attacking Toronto’s SickKids children’s hospital.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
