FBI: $6.9 billion lost through internet crimes in 2021

Nearly $7 billion was lost through internet crimes in 2021, surpassing a record set in 2020 by about $1.7 billion, according to the FBI’s annual Internet Crime Report.

The report compiles information from the FBI’s Internet Crime Complaint Center and the 2021 report, released Tuesday, showed startling increases in the number of complaints and money lost. 

The center received 847,376 complaints throughout the year, with most concerning ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency. It represents a 7% increase compared to 2020 and the FBI received an average of more than 2,300 complaints each day.

Paul Abbate, deputy director of the FBI, said BEC crimes led to 19,954 complaints with an adjusted loss of nearly $2.4 billion in 2021. 


Image: FBI IC3

Romance scams led to reports from 24,299 victims who experienced more than $956 million in losses, the third highest loss total in the report. The scams also included 18,000 sextortion-related complaints, with losses over $13.6 million.

The FBI also found that thousands of romance scams involved cryptocurrency, with more than 4,325 complaints leading to over $429 million in losses. 

The number of cryptocurrency scam victims in general fell in 2021 compared to 2020 but due to the increase in value of cryptocurrency, the losses reached more than $1.6 billion in 2021. 

The IC3 also received thousands of reports of scams involving cryptocurrency ATMs, with victims reporting $28 million in losses due to what the FBI said are lax regulations around the machines. 


Victim breakdown

The report breaks down the losses by age group, showing that those aged 60 and older suffered the largest losses at $1.68 billion. People in their 50s lost $1.26 billion and those in their 40s suffered a total of $1.9 billion in losses. More than $937 million was lost by people in their 30s and $431 million was lost by people in their 20s. 

California far surpassed all other states in terms of the number of victims with 67,095. Texas came in second with 41,148 victims and New York was third at 29,065. Illinois, Nevada, Ohio and Pennsylvania all had over 17,000 victims. 

Victims in California suffered $1.2 billion in losses, doubling the figures seen by the next three states of Texas, New York and Florida – all of which had losses between $525 million and $606 million. 

Most international victims who sent in complaints to the FBI came from the UK, Canada, India, Australia, France and South Africa. 

Ransomware was also a major part of the report, with the FBI revealing that nearly $50 million was lost as a result of attacks. In total, the FBI received 649 complaints from critical infrastructure organizations that suffered ransomware attacks.

Of the 16 critical infrastructure sectors laid out by the White House last year, 14 had at least one organization hit with ransomware in 2021 — only dams and the "Nuclear Reactors, Materials, and Waste" sector didn't report incidents.


Image: FBI IC3

The most common ransomware variants in 2021 were Conti, LockBit, and REvil/Sodinokibi, with Conti standing out as the group most likely to target the manufacturing, commercial, food and agriculture sectors. 

LockBit typically attacked government entities, healthcare organizations and financial services companies according to the FBI. REvil most frequently targeted organizations in the financial services, IT and healthcare sectors. 

FBI data showed that healthcare organizations, financial services companies and IT firms were the most frequent victims of ransomware.

Despite the high number of victims, the FBI said it expects an increase in the number of critical infrastructure victims in 2022. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.