BEC was the Star of the Show, but Ransomware was its Understudy in the 2021 IC3 Report

March 31, 2022

Every year, the U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) releases a report detailing the cybercrime trends it’s spotted and just how much loss it all adds up to. The IC3 was established in May 2000 to receive complaints of internet-related crime and has received more than 6.5 million complaints since its inception. Over the last five years, the IC3 has received an average of 552,000 complaints per year, or about 2,300 per day from people and businesses that have somehow been swindled or otherwise damaged financially on the internet. While IC3 is careful to note that its aggregated data comes from only internet-related crimes that are formally reported to law enforcement, it’s still a largely accurate snapshot of how cybercrime is trending. 


Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>


BEC Remains the Champion with Another Dramatic Rise


As always, business email compromise (BEC) is at the top of the chart. Even though 2020 was a record-breaking year for BEC losses, 2021 has managed to not just surpass it but blow that record out of the water. The BEC/EAC category showed that complainants to IC3 suffered $2,395,953,296 in losses in 2021, 28% higher than 2020’s record total of $1,866,642,107, with 3% more total BEC complaints. Investment scams rolled in in second place, up an astonishing 333% over 2020. A solid chunk of those investment scams involved cryptocurrency. In 2021, IC3 received 34,202 complaints involving the use of some type of cryptocurrency. The total loss amount for those complaints was staggering, increasing nearly seven-fold, from 2020’s reported amount of $246,212,432 to total reported losses in 2021 of more than $1.6 billion. 


Source: FBI IC3


AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>


Ransomware Rocked 14 of 16 Infrastructure Sectors


But another notable portion of the report focused on ransomware and the tidal wave of ransomware attacks that have surged over the business landscape in the last two years. If you thought 2021 was a much busier year for ransomware outfits, you were right. Both the number of complaints and the total losses associated with those complaints set new records. In 2021, the IC3 received 3,729 complaints identified as ransomware in 2021, a 51% increase over 2020’s already impressive 2474. Those complaints also cost victims a lot more money than in previous years. Ransomware victims suffered losses of more than $49.2 million. That’s a 69% increase over the $29,157,405 recorded in 2020. No business is too small – 50% of ransomware attacks last year hit SMBs, and 55% hit businesses with fewer than 100 employees.   

Ransomware also came into the spotlight as a glaring threat to infrastructure in 2021. This report bears out that conclusion, dedicating a small section to ransomware’s impact on infrastructure and infrastructure-related targets. IC3 reports that organizations in 14 of the 16 critical infrastructure categories experienced at least one ransomware attack in 2021. The report noted that IC3 did not begin tracking infrastructure attacks as a designation until June 2021, so attacks against infrastructure targets before that date were not included in the total. The 16 critical infrastructure sectors referenced in this report were designated by the US Cybersecurity & Infrastructure Security Agency (CISA).  


Source: FBI IC3


The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>


Healthcare Was Hit with the Most Ransomware Attacks


The healthcare and public health sector was the worst hit, enduring 148 ransomware attacks. Since the start of the global pandemic, healthcare-related targets have been firmly in cybercriminals’ sights. An estimated 45% of the data breaches recorded in healthcare settings are the result of a ransomware attack, 10% higher than in any other industry. It’s an attractive sector for cybercriminals because it is a time-sensitive field, and many outlets like hospitals and care centers can’t afford to be shut down for any length of time because of the menace to public health. Healthcare institutions in the US tend to be well funded as well, upping the chance that the gang will score a solid payday

Healthcare data is a highly desirable in the booming dark web data markets. In a September 2021 report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, researchers at the Ponemon Institute explored the impact of increased cybercrime during the global pandemic. The majority of respondents (60%) admitted that their healthcare industry organizations had experienced a data breach in the past two years. On average, each breach incident exposed 28,505 records and cost an average of $837,750


How safe is your email domain? Find out now with our domain checker. CHECK YOUR DOMAIN>>


Finance Took a Beating (With a Little Help from Crypto)


Financial services came in second, experiencing 89 ransomware attacks in the measured period. Financial services, banking and related fields have come to the forefront of industries on the cybercriminal hit list in the U.S. in 2021. When looking at the picture for cyberattacks including ransomware against financial sector targets in 2021 worldwide, finance shoots to the top of the heap. The banking industry saw a 1,318% increase in the number of ransomware attacks waged against it in the first half of 2021, with 22% of ransomware attacks in Q4 2021 aimed at financial services targets. 

Some of that late-year action was the result of a flurry of attacks on DeFi targets as cybercriminals sought a quick way to snag crypto. DeFi fraud and hacks combined for a total of $474 million lost just in the first half of 2021.  This trend was particularly apparent in late 2021 when at least one De Fi platform was getting hit every week. DeFi-related hacks made up 76% of all major hacks in 2021. The IC3 report also got into cryptocurrency-related cybercrime. In 2021, IC3 received 34,202 complaints involving the use of some type of cryptocurrency. While the actual number of complaints dropped slightly from 35,229 recorded in 2020, the total loss amount for those complaints exploded. Cryptocurrency-related losses increased nearly seven-fold, from 2020’s reported amount of $246,212,432 to a total reported loss of more than $1.6 billion in 2021. 

In a wild year for cybercrime, businesses and individuals paid the price for security mishaps, setting new records for reported incidents and the total losses suffered by victims. IC3 received 847,376 reported complaints in 2021, a 7% increase from 2020. Although 2020 was a record-breaking year for cybercrime losses as well, 2021 sailed right past it into new vistas of loss for everyone except the bad guys, shooting up by 48% to a painful $6.9 billion. 


See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>


Stop Ransomware Attacks, BEC and Other Phishing-Related Business Killers with the Power of AI and Automated Email Security 


In this dangerous world, every organization needs powerful email security that can stand up to the test of combatting today’s sophisticated threats without a high price tag. Graphus answers that call.   

  • Put 3 layers of protection between employees and dangerous phishing messages  
  • Automated email solutions like Graphus catch 40% more malicious messages than conventional solutions or a SEG.  
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm. 
  • Rely on real analysis, not just a problematic safe sender list.    
  • More than 50 points of comparison enable Graphus to sniff out targeted spear phishing, ransomware, zero-day attacks and other complex threats.  

Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. Contact one of our solutions specialists today 


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus