TL;DR:
The latest report from Chainalysis uncovers an interesting paradox in cybercrime. It reveals higher criminal activity, yet ransomware payments in 2025 recorded a year-over-year drop of 8%, totaling $820 million compared to $892 million in 2024.
This downward trend occurs in a context where the number of reported victims grew by 50%. In response, experts suggest that companies are strengthening their recovery protocols and more successfully resisting extortion demands.
Furthermore, both the regulatory environment and sanctions against specific groups are complicating payment logistics for victims. Consequently, the rate of companies choosing to pay the ransom fell to 28%, an all-time low, reflecting a firmer corporate stance.
Despite the reduction in total volume, attackers are now pivoting toward more lucrative targets. Data reveals that the median payment soared from $12,738 to nearly $60,000, indicating that criminals are demanding more money from mid-sized companies.
On the other hand, ransomware infrastructure suffered significant blows due to international cooperation between law enforcement and the private sector. Operations such as “Endgame” have successfully dismantled servers and access networks that previously facilitated these massive intrusions.
Finally, the report warns that while criminal revenue is decreasing, the real economic damage remains devastating. Cases like Jaguar Land Rover demonstrate that operational impact and loss of market value far outweigh any on-chain payments made.
