Cybercrime, as defined in criminological literature, refers to unlawful acts where computing technology plays a central role. 1 Within this domain, ransomware constitutes a form of malicious code that restricts access to data or systems until a ransom is paid. Early cases such as the 1989 AIDS Trojan used rudimentary encryption and required postal payments. 2 Over time, ransomware has become more targeted and sophisticated:
▪ In 2013, CryptoLocker pioneered Bitcoin-based ransom payments. 3
▪ In 2017, WannaCry exploited a leaked National Security Agency tool to affect over 150 countries, disrupting hospitals and government services. 4
▪ Since 2019, ransomware-asa-service( RaaS) models have enabled cybercriminals to lease attack kits, reducing the technical barrier to entry. 5
This historical trajectory mirrors trends in financial crime typologies, where low barriers to entry and digital anonymity have similarly transformed traditional fraud schemes into transnational threats, fueling global proliferation.
Current threat landscape, systemic risk and economic impact
Ransomware attacks are now methodical and intelligencedriven. Attackers conduct pre-attack reconnaissance, exploit vulnerabilities and apply“ double extortion” tactics: stealing sensitive data before encrypting it and threatening to release it publicly unless payment is made. Palo Alto Network Unit 42 reported a 49 % increase in ransomware leak site activity from 2022 to 2023. 6 A 2024 Travelers’ report noted a 32 % quarterly rise in victim disclosures by RaaS groups. 7
Recent ransomware campaigns increasingly leverage artificial intelligence( AI) to enhance their effectiveness. AI is used to craft more persuasive phishing content, bypass traditional security controls and identify high-value targets through behavioral analysis. These advancements enable faster, more targeted and harder-todetect attacks, increasing overall operational and financial impact.
Financial losses are substantial. In 2024, average ransom demands exceeded $ 1.5 million, with recovery costs( including legal, operational and reputational damage) reaching $ 4.5 million. 8 Critical infrastructure sectors such as health care, energy and finance remain prime targets. These figures increasingly inform enterprise-wide risk assessments and are being integrated into compliance-driven resilience metrics, including business impact analyses and continuity plans.
Ransomware’ s broader financial impact includes diverted capital from growth initiatives, rising cyber insurance premiums and heightened scrutiny from regulators and auditors. Although blockchain analytics tools have improved, the use of cryptocurrencies still makes it difficult to trace illicit funds and increases the risk of financial institutions( FIs) being indirectly involved in laundering activities.
Intersection with AML and financial crime frameworks
Ransomware is now classified by the Financial Action Task Force( FATF) 9 as a predicate offense under AML regimes as stolen data is used to promote fraudulent transactions. This position aligns with FATF attack-pattern key typologies:
ACAMS Today | September – November 2025 47