According to the latest 2026 Crypto Crime Report from Chainalysis, total ransomware payments in 2025 fell to approximately $820 million, marking an 8% decrease from the $892 million recorded in 2024. This decline occurred despite a 50% increase in the number of victims claimed on ransomware leak sites, creating a notable paradox of higher criminal activity but lower revenue for attackers.
The report highlights a significant strategic shift in the ransomware landscape. While total payments are down, the median ransom payment skyrocketed by 368%, rising from $12,738 to nearly $60,000. This indicates that attackers are pivoting towards more lucrative, targeted attacks on mid-sized companies, even as the overall volume of attacks grows.
Several key factors are driving the reduction in total payments. The rate of companies choosing to pay ransoms fell to an all-time low of 28%, reflecting stronger corporate resistance. Enhanced cybersecurity defenses, improved data recovery protocols, and greater international law enforcement coordination—such as the successful "Endgame" operation that dismantled critical ransomware infrastructure—are making it harder for criminals to succeed. Furthermore, regulatory pressure and sanctions against crypto addresses linked to ransomware groups are complicating payment logistics for victims.
Chainalysis data provides a longer-term view of ransomware payments, showing a peak of $1.23 billion in 2023, followed by declines in 2024 ($892M) and 2025 ($820M). The report concludes that while the profitability of large-scale ransomware operations is eroding, the economic damage from attacks—such as operational disruption and loss of market value, exemplified by the case of Jaguar Land Rover—remains devastating.
