Ransomware incidents up 50% in 2025, but payments stay flat
A new Chainalysis report suggests ransomware attackers are “working harder for diminishing returns” as regulatory pressure and refusals to pay have hurt ransom proceeds.
The number of ransomware attacks rose 50% in 2025 as hackers shifted their focus from large-scale attacks to small and medium-sized targets, according to blockchain analytics firm Chainalysis.
In an annual report published on Wednesday, Chainalysis said there were nearly 8,000 total leak events in 2025, a 50% increase from 2024. However, total on-chain ransom payments amounted to $820 million, marking an 8% decrease from 2024.
Chainalysis said increased regulatory scrutiny, enforcement actions targeting laundering network infrastructure, and a general refusal by big firms or organizations to pay ransoms all contributed to lower overall payments in 2025, forcing attackers to go after smaller targets.