Ransomware Crooks Are Busier Than Ever — But Making Less Money, Researchers Say

The cybercrime business is booming, at least on paper. According to a new report from blockchain analytics firm Chainalysis, the number of ransomware attacks jumped 50% in 2025, with nearly 8,000 separate incidents recorded throughout the year. Yet for all that hustle, hackers walked away with less cash than the year before.

Smaller Targets, Smaller Payouts

Total ransom payments collected in 2025 came in at $820 million — an 8% drop from 2024. Reports say the decline is tied to several factors: tougher rules from regulators, law enforcement cracking down on the networks criminals use to launder money, and a growing number of companies simply refusing to pay.

With big organizations shutting the door, attackers moved on to easier prey. Small and medium-sized businesses became the new focus. “Smaller victims pay faster,” said Corsin Camichel, founder of eCrime.ch, in the Chainalysis report.

But faster doesn’t mean bigger. Those smaller targets yield smaller sums, and that math is catching up with the criminals running these schemes.

The gap between how many attacks are being claimed publicly and how much money is actually being collected tells its own story. Attackers are filing more claims than ever, yet the money flowing back to them keeps shrinking.

According to Chainalysis, that gap signals something important — the people running these operations are putting in more work for a worse result.

Ransomware: The Cost Of Breaking In Has Fallen Sharply

Part of what’s fueling the surge in attack numbers is how cheap it has become to launch one. Reports note that the average price for purchasing access to a victim’s system on the dark web fell from $1,427 in early 2023 to just $439 by early 2026.

#CertiKStatsAlert

Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.

~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.

More details below pic.twitter.com/uXhi0P6dl5

— CertiK Alert (@CertiKAlert) January 31, 2026

Artificial intelligence tools and an oversupply of ready-made attack software have made it easier for more people to get into the ransomware game.

The result is a crowded field of attackers competing for the same pool of victims — and driving down their own profits in the process. It mirrors what happens in any flooded market. More sellers, same number of buyers, prices fall.

Even as ransomware payments trended downward last year, the broader picture of crypto-related crime remains grim. According to cybersecurity firm CertiK, $370 million in crypto was stolen in January 2026 alone through various exploits and scams.

Phishing attacks were responsible for the bulk of those losses, accounting for $311 million of the total. Ransomware may be generating less revenue for its operators, but the wider world of crypto theft is far from slowing down.

Featured image from Unsplash, chart from TradingView