Ransomware attacks climbed 50% in 2025 as cybercriminals redirected their efforts from high-profile corporations to small and medium-sized businesses, according to a new annual report from Chainalysis.
The blockchain analytics firm recorded nearly 8,000 leak events in 2025 — a 50% jump compared with 2024. Despite the surge in incidents, total on-chain ransom payments fell 8% year over year to $820 million.
Chainalysis attributed the decline in payments to tighter regulatory oversight, law enforcement crackdowns on money-laundering networks, and a growing reluctance among large organizations to meet ransom demands. As a result, attackers increasingly turned their attention to smaller targets.
“We’re seeing a structural shift in targeting: fewer large, headline-grabbing intrusions and more volume focused on small and medium enterprises. The assumption is simple — smaller victims pay faster,” said Corsin Camichel, founder of eCrime.ch, in the report.
“However, Chainalysis’ data shows payments trending downward despite an all-time high in public claims. That divergence is important. It suggests attackers are working harder for diminishing returns.”
The surge in attempted ransomware attacks has also been linked to a sharp drop in the average “price for victim access” on dark web marketplaces, which fell from $1,427 in early 2023 to just $439 at the start of 2026.
According to Chainalysis, a wave of low-cost ransomware variants and off-the-shelf hacking tools — increasingly enhanced with AI — has enabled cybercriminals to scale operations more efficiently, driving up the volume of attacks.
“We are seeing industrialized access pipelines, AI-assisted tooling, and a proliferation of infostealer logs that lower the barrier to entry,” the firm noted, adding that this has created an oversupply of inexpensive but limited-quality access listings, ultimately pushing prices down.
Hackers and scammers fuel crypto turmoil
Although ransomware payments on blockchain networks declined slightly last year, 2026 has begun with significant losses tied to crypto-related exploits and fraud.
A recent report from cybersecurity firm CertiK revealed that $370.3 million worth of cryptocurrency was stolen in January alone through hacks and scams. Phishing attacks accounted for the majority of the losses, totaling $311.3 million.
