3 Minutes
Ransomware attacks spike while ransom payouts decline
Blockchain analytics firm Chainalysis reports a sharp 50% increase in ransomware leak events in 2025, even as on-chain ransom payments dropped. The data suggests a clear shift in attacker behavior: cybercriminals are launching more incidents but collecting less in crypto payouts.
Chainalysis findings: volume up, proceeds down
Chainalysis recorded nearly 8,000 public leak events in 2025 — up 50% from 2024 — while total blockchain-based ransom payments fell to roughly $820 million, an 8% decline year-over-year. Analysts attribute the divergence to stronger regulatory enforcement, targeted actions against laundering infrastructure, and a growing unwillingness by major firms to pay ransoms. These forces have pressured attackers to target smaller organizations where payouts may be faster but often smaller.
Smaller targets, diminishing returns
Experts quoted in the report note a structural pivot toward small and medium-sized enterprises (SMEs). Corsin Camichel, founder of eCrime.ch, summarizes the trend: attackers are focusing on volume over headline-grabbing breaches under the assumption that smaller victims will pay quickly. Chainalysis data, however, shows overall payments trending downward despite an all-time high in public extortion claims — a sign that adversaries are "working harder for diminishing returns." This is important for readers monitoring ransomware economics, bitcoin flow tracing, and crypto risk exposure.
Drivers: cheaper access, AI tooling and oversupply
The report links the surge in attempted attacks to a collapse in the average dark-web "price for victim access," which fell from $1,427 at the start of 2023 to $439 by early 2026. An influx of inexpensive ransomware kits, prolific infostealer logs, industrialized access pipelines, and AI-assisted tooling has lowered the entry barrier for cybercriminals. Chainalysis warns this oversupply of cheap but operationally constrained inventory has flooded the market and depressed prices.
Annual on-chain ransomware losses since 2020.
Crypto exploits and scams remain a major threat
Although on-chain ransomware payments eased modestly, crypto-related losses continued to accumulate in 2026 via exploits and scams. Cybersecurity firm CertiK reported $370.3 million stolen in January alone, with phishing scams responsible for $311.3 million of that total. The combination of social-engineering attacks, DeFi vulnerabilities, and phishing highlights that blockchain analytics and stronger operational security remain essential for exchanges, custodians, and institutional crypto holders.
What this means for the crypto ecosystem
For blockchain businesses and security teams, the takeaway is twofold: expect higher attack frequency and prioritize prevention over ransom negotiations. Investments in incident response, robust backups, multi-layered authentication, and proactive blockchain monitoring can reduce exposure. Regulators, law enforcement, and on-chain analytics providers will likely continue to shape the economics of ransomware and crypto-enabled crime.
Source: cointelegraph
Leave a Comment