{"id":43989,"date":"2026-02-26T22:36:48","date_gmt":"2026-02-26T14:36:48","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/26\/ransomware-payment-rate-drops-to-record-low-as-attacks-surge-2\/"},"modified":"2026-02-26T22:36:48","modified_gmt":"2026-02-26T14:36:48","slug":"ransomware-payment-rate-drops-to-record-low-as-attacks-surge-2","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/26\/ransomware-payment-rate-drops-to-record-low-as-attacks-surge-2\/","title":{"rendered":"Ransomware payment rate drops to record low as attacks surge"},"content":{"rendered":"\n

\"Ransomware<\/p>\n

The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks.<\/p>\n

A downward payment trend has been observed for the past four consecutive years by the blockchain intelligence platform Chainalysis<\/a>.<\/p>\n

At the moment, the total of on-chain ransomware payments in 2025 stands at $820 million, but the company notes that “the 2025 total is likely to approach or exceed $900 million as we attribute more events and payments.”<\/p>\n

\"Ransomware<\/a> <\/div>\n

Chainalysis reports a relative stability in the total number of payments, despite a 50% increase of ransomware attacks year-over-year.<\/p>\n

In 2024, the payment rate recorded by Chainalysis was more than double, at 62.8%, while in 2022, it was at 78.9%.<\/p>\n

\n
\"Ransomware
Data leak events (bars) and payment rate (line)<\/strong>
Source: Chainalysis<\/em><\/figcaption><\/figure>\n<\/div>\n

Data from Chainalysis also aligns with previous reports by Coveware<\/a>, which showed a steady decline in victim payment rates throughout 2025.<\/p>\n

According to the blockchain company, some of the factors that influenced the ransomware economy include improved incident response, regulatory scrutiny, international law enforcement actions, and market fragmentation.<\/p>\n

Current Chainalysis data shows that while aggregate revenue from ransomware activity declined, the median ransom payment rose significantly, up 368% from $12,738 in 2024 to $59,556 in 2025.<\/p>\n

This indicates that ransomware victims pay larger amounts for the hope that cybercriminals will delete the stolen data and not sell it to other threat actors or trade it.<\/p>\n

\n
\"Ransomware
Payment amounts graph<\/strong>
Source: Chainalysis<\/em><\/figcaption><\/figure>\n<\/div>\n

In 2025, the analysts observed 85 active extortion groups, far higher compared to previous years, when the ransomware space was dominated by a small number of threat groups and RaaS platforms.<\/p>\n

A few high-impact incidents Chainalysis highlights in its report include the attack at Jaguar Land Rover, which inflicted an estimated $2.5 billion in damages, the Marks & Spencer breach by the Scattered Spider threat group, and the DaVita Inc. ransomware breach that exposed 2.7 million patient records.<\/p>\n

For another year, the most targeted country was the United States, followed by Canada, Germany, and the U.K., showing threat actors’ preference for concentrating their efforts in developed economies.<\/p>\n

\n
\"Ransomware
Targeted countries and industries<\/strong>
Source: Chainalysis<\/em><\/figcaption><\/figure>\n<\/div>\n

Initial access brokers (IABs), hackers who sell access to compromised endpoints to ransomware operators, reportedly made $14 million in 2025, roughly the same as last year. This is only 1.7% of the total ransomware revenue last year, though initial access is a key enabler.<\/p>\n

Analysis shows that spikes in IAB payment inflows are followed by increases in ransomware payments and victim leak posts roughly 30 days later, suggesting IAB activity can act as a leading indicator.<\/p>\n

The average price for network access declined from approximately $1,427 in Q1 2023 to just $439 in Q1 2026, indicating that automation, AI-assisted tooling, and oversupply from info-stealer logs have shaped the industry.<\/p>\n

Chainalysis says that although ransom payments declined last year, the scale, sophistication, and real-world impact of ransomware attacks continued to grow, impacting organizations of all sizes and backgrounds globally.<\/p>\n

The researchers believe ransomware is going through a phase of adaptation, rather than losing the fight, evolving tactics to extract more value from an ever-decreasing number of consenting victims.<\/p>\n