- FBI 2025 Internet Crime Report Finds $17.6 Billion Stolen During Year
- Computer fraud and investment scams caused the biggest losses
- Ransomware indiscriminately hits hospitals, schools and critical infrastructure
The FBI has criticized cybercriminals for carrying out indiscriminate attacks against some of the most vulnerable elements of society, including schools and hospitals.
U.S. law enforcement agencies have presented their annual Internet Crime Complaint Center (ICR) report for 2025, providing insight into criminal activities, their effects on citizens and their efforts to combat the threat.
And according to the report, cybercriminals stole a shocking $17.6 billion in 2025, mostly through scams and fraud.
Article continues below
Fraud reaches new heights
Cyber fraud, where scammers trick people into giving up money, data, identities or buying counterfeit goods and services, accounts for almost 85% of all losses. At the same time, cyber fraud accounted for less than half (45%) of all complaints received by the IC3 last year (1,008,597 in total).
This means that the largest losses, on average, relate to cyber fraud.
The second largest type of attack is investment fraud, where victims are tricked into “investing” their money on fake cryptocurrency exchanges and in crypto tokens that appreciate incredibly quickly in value or offer high returns for staking.
Victims here lost $8.6 billion last year. In third place is Business Email Compromise (BEC), where criminals break into an executive’s email account and order their employees to discreetly make a bank transfer.
Target hospitals
But the biggest shame about cybercrime lies not in the money criminals take, but rather in who they take it from. Hospitals, schools, emergency services and municipal government agencies, to name a few.
During a presentation of the findings, Cyber Division Section Chief Taushiana Bright said there was an increase in the number of ransomware variants circulating online today. Currently, IC3 is studying more than 200 variants, actors and enablers, of which 63 were identified last year.
“Cybercriminals have indiscriminately attacked hospitals, emergency departments, schools and entire municipalities. I don’t see anything that they can’t do,” Bright said.
In total, IC3 received 3,611 complaints, resulting in losses of $32 million. This is up from 3,156 complaints recorded in 2024, when $12 million was lost. Although this may not seem like much, IC3 points out that many ransomware attacks still go unreported to authorities. In fact, some are also reported later.
Hitting critical infrastructure
Critical infrastructure and its 16 sectors essential to national security, economic stability and public health continue to face sustained pressure from ransomware, according to the report. These attacks have disproportionately affected these industries, with IC3 recording at least 655 ransomware incidents affecting organizations in these industries.
These incidents resulted in reported losses of more than $261 million, although the report cautions that the actual financial impact is likely much higher due to unaccounted for costs such as downtime and remediation. Authorities were able to freeze approximately $146 million related to these cases, reflecting a partial but significant response.
There was a time when even cybercriminals had a code of conduct. During the Covid years, ransomware operators DarkSide and LockBit specifically asked their affiliates not to target hospitals, and LockBit even publicly disavowed an affiliate after hitting Toronto’s SickKids Children’s Hospital.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
