Ransomware attacks surge 50% in 2025 while ransom revenues remain stagnant
Fresh research from Chainalysis indicates cybercriminals are facing "harder work for less reward" due to increased regulatory enforcement and victims' growing refusal to meet ransom demands.
Ransomware incidents climbed by 50% throughout 2025 as cybercriminals pivoted their strategy away from major enterprise attacks toward targeting smaller and medium-sized businesses, based on findings from blockchain analytics company Chainalysis.
According to an annual assessment released on Wednesday, Chainalysis documented close to 8,000 total leak events during 2025, representing a 50% surge compared to 2024. Despite this increase in attack volume, the total value of on-chain ransom payments reached $820 million, reflecting an 8% decline from the previous year's figures.
The blockchain analytics firm attributed the reduction in overall ransom revenues to heightened regulatory oversight, law enforcement operations targeting money laundering infrastructure, and an increasing tendency among major corporations and institutions to reject ransom demands, compelling threat actors to redirect their efforts toward less substantial targets.
"We're seeing a structural shift in targeting: fewer large, headline-grabbing intrusions and more volume focused on small and medium enterprises. The assumption is simple — smaller victims pay faster," eCrime.ch founder Corsin Camichel said in the report, adding:
"However, Chainalysis' data shows payments trending downward despite an all-time high in public claims. That divergence is important. It suggests attackers are working harder for diminishing returns."
At the same time, the uptick in attack attempts was linked to an ongoing decline in the average "price for victim access" across dark web marketplaces, dropping from $1,427 at the beginning of 2023 down to $439 by early 2026.
An abundance of inexpensive malicious software and various ransomware variants flooding the marketplace, paired with artificial intelligence integrations designed to optimize attack workflows, has led to heightened productivity among threat actors, according to Chainalysis findings.
"We are seeing industrialized access pipelines, AI-assisted tooling, and a proliferation of infostealer logs that lower the barrier to entry, which has resulted in an oversupply of cheap but operationally constrained inventory that floods the market and depresses pricing."
Hackers and scammers causing crypto chaos
Notwithstanding a slight decrease in blockchain-based ransomware payments over the past year, 2026 has begun with significant losses stemming from cryptocurrency exploits and fraudulent schemes.
Based on a recent analysis from cybersecurity firm CertiK, an astounding $370.3 million in digital assets were pilfered during January through various exploits and scams. The majority of these stolen funds came from phishing operations, which were responsible for $311.3 million in losses.