Ransomware payments flat despite a surge in attacks defines the current state of cybercrime, according to a new report. The number of ransomware attacks rose 50% in 2025 as hackers shifted their focus from large-scale attacks to small and medium-sized targets, according to blockchain analytics firm Chainalysis.
In an annual report published on Wednesday, Chainalysis said there were nearly 8,000 total leak events in 2025, a 50% increase from 2024. However, total on-chain ransom payments amounted to $820 million, marking an 8% decrease from 2024.
Chainalysis said increased regulatory scrutiny, enforcement action on laundering network infrastructure, and a general refusal of big firms or organizations to pay ransoms all contributed to lower overall payments in 2025, forcing attackers to go after smaller targets.
“We’re seeing a structural shift in targeting: fewer large, headline-grabbing intrusions and more volume focused on small and medium enterprises. The assumption is simple — smaller victims pay faster,” eCrime.ch founder Corsin Camichel said in the report, adding:
“However, Chainalysis’ data shows payments trending downward despite an all-time high in public claims. That divergence is important. It suggests attackers are working harder for diminishing returns.”
Meanwhile, the increased number of attempted attacks was attributed to a continued reduction in the average “price for victim access” on the dark web, going from $1,427 at the start of 2023 to $439 at the start of 2026.
A flood of cheap software and ransomware strains on the market, combined with AI integrations to streamline attacks, has resulted in increased output by hackers, Chainalysis said. The report highlights that despite the increase in attacks, ransomware payments flat showing a shift in the dynamics of cybercrime.
“We are seeing industrialized access pipelines, AI-assisted tooling, and a proliferation of infostealer logs that lower the barrier to entry, which has resulted in an oversupply of cheap but operationally constrained inventory that floods the market and depresses pricing.”
Analyzing Ransomware Payments Flat Trends
The new data indicates that despite a significant increase in the volume of attacks, the overall monetary success for cybercriminals has diminished. This suggests that companies are becoming more resilient, either by improving their defenses or refusing to pay ransoms. The trend of ransomware payments flat signals a potential shift in the cost-benefit analysis for attackers.
Hackers and scammers causing crypto chaos
Despite a modest reduction in blockchain ransomware payments last year, 2026 has kicked off with some big losses from crypto exploits and scams.
Related: related Crypto news
According to a recent report from cybersecurity company CertiK, there was a whopping $370.3 million worth of crypto stolen in January by expl…
The Role of Regulatory Scrutiny
Increased regulatory scrutiny and enforcement actions are playing a significant role in curbing the profitability of ransomware attacks. By targeting the infrastructure used to launder ransom payments, authorities are making it more difficult for cybercriminals to monetize their attacks. This increased pressure contributes to the observed trend of ransomware payments flat.
Impact on Small and Medium Enterprises
While large corporations are increasingly refusing to pay ransoms, small and medium-sized enterprises (SMEs) remain vulnerable. The shift in focus towards SMEs reflects the attackers’ belief that smaller victims are more likely to pay quickly. However, the data suggests that even this strategy is not as lucrative as it once was, further emphasizing the ransomware payments flat trend.
In conclusion, the cyber landscape is evolving. While the volume of ransomware attacks is increasing, the overall payments are not. This suggests that businesses are becoming more resilient, and regulatory efforts are having a positive impact. The trend of ransomware payments flat indicates a shift in the economics of cybercrime, forcing attackers to work harder for diminishing returns.




