Ransomware attacks increased sharply in 2025, with nearly 8,000 public leak events recorded, a 50% jump from 2024, according to a new report by Chainalysis.
Despite the rise in incidents, total on-chain ransom payments fell 8% year-on-year to $820 million, suggesting attackers are generating less revenue even as activity accelerates.
Chainalysis attributed the decline in payments to stronger regulatory scrutiny, enforcement actions targeting laundering infrastructure and a growing refusal by large organisations to pay ransom demands.
“We’re seeing a structural shift in targeting: fewer large, headline-grabbing intrusions and more volume focused on small and medium enterprises,”
Said eCrime.ch founder Corsin Camichel, adding that attackers appear to be “working harder for diminishing returns.”
The surge in attack attempts has been fuelled by falling prices for initial network access on the dark web, which dropped from $1,427 in early 2023 to $439 at the start of 2026.
An oversupply of cheap ransomware tools, AI-assisted attack software and abundant infostealer data has lowered barriers to entry, increasing attack volume while depressing pricing power.
Although ransomware payments declined in 2025, 2026 has begun with significant crypto-related losses, with cybersecurity firm CertiK reporting $370.3 million stolen in January alone.
Phishing attacks accounted for $311.3 million of those January losses, highlighting that while ransom economics may be weakening, broader crypto-related cybercrime remains elevated.