Ransomware Crooks Are Busier Than Ever — But Making Less Money, Researchers Say

bitcoinistPublicado a 2026-02-27Actualizado a 2026-02-27

Resumen

According to a Chainalysis report, ransomware attacks increased by 50% in 2025, with nearly 8,000 incidents recorded. However, total ransom payments fell by 8% to $820 million. This decline is attributed to stricter regulations, improved law enforcement, and more companies refusing to pay. Attackers have shifted focus to small and medium-sized businesses, which pay faster but yield smaller sums. The cost of launching attacks has also decreased significantly, with access to victim systems on the dark web dropping from $1,427 in 2023 to $439 in early 2026. Despite the drop in ransomware revenue, broader crypto crime remains significant, with $370 million stolen in January 2026 alone, mostly through phishing attacks.

The cybercrime business is booming, at least on paper. According to a new report from blockchain analytics firm Chainalysis, the number of ransomware attacks jumped 50% in 2025, with nearly 8,000 separate incidents recorded throughout the year. Yet for all that hustle, hackers walked away with less cash than the year before.

Smaller Targets, Smaller Payouts

Total ransom payments collected in 2025 came in at $820 million — an 8% drop from 2024. Reports say the decline is tied to several factors: tougher rules from regulators, law enforcement cracking down on the networks criminals use to launder money, and a growing number of companies simply refusing to pay.

With big organizations shutting the door, attackers moved on to easier prey. Small and medium-sized businesses became the new focus. “Smaller victims pay faster,” said Corsin Camichel, founder of eCrime.ch, in the Chainalysis report.

But faster doesn’t mean bigger. Those smaller targets yield smaller sums, and that math is catching up with the criminals running these schemes.

Source: Chainalysis

The gap between how many attacks are being claimed publicly and how much money is actually being collected tells its own story. Attackers are filing more claims than ever, yet the money flowing back to them keeps shrinking.

BTCUSD now trading at $67,800. Chart: TradingView

According to Chainalysis, that gap signals something important — the people running these operations are putting in more work for a worse result.

Source: Chainalysis

Ransomware: The Cost Of Breaking In Has Fallen Sharply

Part of what’s fueling the surge in attack numbers is how cheap it has become to launch one. Reports note that the average price for purchasing access to a victim’s system on the dark web fell from $1,427 in early 2023 to just $439 by early 2026.

Artificial intelligence tools and an oversupply of ready-made attack software have made it easier for more people to get into the ransomware game.

The result is a crowded field of attackers competing for the same pool of victims — and driving down their own profits in the process. It mirrors what happens in any flooded market. More sellers, same number of buyers, prices fall.

2026 Has Already Seen Major Crypto Losses

Even as ransomware payments trended downward last year, the broader picture of crypto-related crime remains grim. According to cybersecurity firm CertiK, $370 million in crypto was stolen in January 2026 alone through various exploits and scams.

Phishing attacks were responsible for the bulk of those losses, accounting for $311 million of the total. Ransomware may be generating less revenue for its operators, but the wider world of crypto theft is far from slowing down.

Featured image from Unsplash, chart from TradingView

Preguntas relacionadas

QAccording to the Chainalysis report, what was the percentage increase in ransomware attacks in 2025 and the total number of incidents?

AThe number of ransomware attacks jumped 50% in 2025, with nearly 8,000 separate incidents recorded.

QWhat was the total value of ransom payments collected in 2025 and how does it compare to the previous year?

ATotal ransom payments collected in 2025 came in at $820 million, which is an 8% drop from 2024.

QWhat are the three main factors cited for the decline in ransom payments?

AThe decline is tied to tougher rules from regulators, law enforcement cracking down on money laundering networks, and a growing number of companies refusing to pay.

QHow much did the average price for purchasing access to a victim's system on the dark web fall between early 2023 and early 2026?

AThe average price fell from $1,427 in early 2023 to just $439 by early 2026.

QHow much cryptocurrency was reported stolen in January 2026 by CertiK, and what type of attack was responsible for the majority of those losses?

A$370 million in crypto was stolen in January 2026, with phishing attacks accounting for the bulk of those losses at $311 million.

Lecturas Relacionadas

ZEC Co-Founder Responds to Orchard Vulnerability: No Signs of Theft, Orchard Pool to Be Sealed

ZEC Co-Founder Addresses Orchard Vulnerability: No Signs of Theft, Plans to Sunset Orchard Pool A security vulnerability was recently discovered in Zcash's Orchard shielded pool, raising key concerns. The primary questions are whether the flaw was exploited, if user funds are safe, whether users can verify the total ZEC supply, and if other similar vulnerabilities exist. Analysis suggests the vulnerability was likely not exploited prior to its discovery. It was found proactively by a researcher using specialized tools, not due to an active breach. The development team and mining pools acted quickly to contain the issue. Typical financially-motivated attacks would likely have left visible on-chain evidence, which has not been observed. User funds in Orchard are considered safe and should be recoverable, assuming no prior exploitation. If the flaw was never used, all legitimate funds can be withdrawn. The article outlines risks associated with moving funds to transparent addresses or other pools, but concludes that leaving assets in place is a reasonable option. Currently, users cannot independently verify that the total ZEC supply hasn't been inflated due to this bug. However, the planned Ironwood network upgrade is designed to resolve this. It will permanently close the Orchard pool to new deposits and internal transfers, allowing only withdrawals. This mechanism will cap total withdrawals at the amount of legitimately deposited funds, enabling anyone to cryptographically verify the supply post-upgrade. Multiple teams, including Shielded Labs, have conducted extensive audits focused on counterfeiting vulnerabilities, assisted by advanced AI tools. No additional flaws of this type have been found so far, increasing confidence that no other similar undisclosed vulnerabilities exist. In summary, evidence indicates the Orchard bug was probably not used, user funds are secure, and no other counterfeiting flaws are currently known. The upcoming Ironwood upgrade will restore users' ability to independently verify the total ZEC supply, closing this chapter.

Foresight NewsHace 3 min(s)

ZEC Co-Founder Responds to Orchard Vulnerability: No Signs of Theft, Orchard Pool to Be Sealed

Foresight NewsHace 3 min(s)

Japan's Central Bank on the Verge of Raising Rates, Can the AI Bull Market Still Hold?

TL;DR: The impending Bank of Japan (BOJ) interest rate hike is shifting global market focus this week, raising questions about its potential impact on the AI-driven bull market and cryptocurrencies like Bitcoin. For years, the yen has served as a cheap global "funding currency," enabling carry trades where investors borrowed yen at low rates to buy higher-yielding assets. This dynamic amplified liquidity and risk appetite in global markets, benefiting high-beta assets like AI tech stocks and crypto. The BOJ's expected move to raise rates from 0.75% to 1.0% signals a shift away from this era of ultra-low-cost funding. The core concern isn't the 1% rate itself, but the direction of change and its potential to reduce global leverage and risk tolerance. An unwinding of yen carry trades could force investors to sell global assets to buy back yen for repayment, potentially triggering synchronized volatility in overvalued sectors. While AI fundamentals and crypto-specific drivers remain intact, the market impact will depend on whether the BOJ signals a faster-than-expected pace of normalization. Post-decision, watch for correlations between a strengthening yen, rising Japanese bond yields, and simultaneous pressure on tech stocks and cryptocurrencies to gauge if the market is pricing in a broader tightening of cheap global liquidity.

marsbitHace 12 min(s)

Japan's Central Bank on the Verge of Raising Rates, Can the AI Bull Market Still Hold?

marsbitHace 12 min(s)

Microsoft Announces Commercial-Grade Quantum Computer to be Completed in Three Years: Will the Boots Land?

Microsoft announces plans to build a commercially viable quantum computer by 2029, a significant acceleration from the previous industry consensus of a decade. The breakthrough is fueled by their new Majorana 2 quantum chip, which boasts a record-breaking average qubit lifetime of 20 seconds—a 1,000-fold reliability improvement over its predecessor. This leap was achieved by leveraging topological qubits, a theoretically more stable technology using Majorana zero modes, and switching the core superconducting material from aluminum to lead. Crucially, Microsoft's "Discovery" agentic AI platform accelerated the R&D process. AI agents autonomously analyzed vast experimental data, optimized manufacturing parameters (like the lead alloy composition), and solved issues like "ghost noise," dramatically speeding up experimentation. While the 20-second coherence time is a landmark, challenges remain: scaling from 12 qubits to the millions needed for practical applications, managing compilation costs, and verifying quantum results. Skeptics call for peer-reviewed data, and questions persist about whether even 20 seconds is sufficient for complex algorithms like breaking RSA encryption. The race is on with other approaches (superconducting, trapped ions), but Microsoft's confidence in its topological roadmap signals a potential shortcut to a scalable quantum future.

marsbitHace 22 min(s)

Microsoft Announces Commercial-Grade Quantum Computer to be Completed in Three Years: Will the Boots Land?

marsbitHace 22 min(s)

What Kind of People Is Anthropic Actually Hiring? Insights from 1,680 Resumes Provide the Answer

Contrary to the common perception of Anthropic as a PhD-heavy AI research lab, an analysis of 1,680 engineer profiles reveals its core talent is experienced "builders." The engineering team, largely assembled in the past 18 months (median tenure 10 months), hires senior engineers with a median of 12.2 years of prior experience. They primarily come from major engineering-focused companies like Google, Meta, Amazon, Microsoft, Stripe, Databricks, Snowflake, and Palantir, not primarily from other AI labs. Their backgrounds are infrastructure-heavy (40%), focusing on backend, distributed systems, databases, and security, with skills like Python, Java, C++, and AWS being common. Only 13.7% hold PhDs. The dominant job title is "Member of Technical Staff." For early-career hires (<6 years experience), entry is not based on standard work history but on prestigious signals: top internships (e.g., at FAANG or quant trading firms), competition rankings, research publications, or AI safety fellowship experience. The key insight for applicants is to present as infrastructure builders, highlighting experience with large-scale systems, not as pure researchers, reflecting Anthropic's identity as a highly engineered infrastructure company.

marsbitHace 24 min(s)

What Kind of People Is Anthropic Actually Hiring? Insights from 1,680 Resumes Provide the Answer

marsbitHace 24 min(s)

Is There Really a "World Cup Curse" in the Market?

Is there really a "World Cup Curse" affecting markets? Historical data shows global equity markets often underperform during the tournament. The S&P 500 has averaged negative returns of -1.5% to -2.11% across 19 World Cups since 1950, with declines in 58% of events. China's Shanghai Composite fell in 71% of tournaments since 1994. Studies confirm reduced trading activity during matches, with volumes dropping significantly, especially when a home nation plays. A team's loss can also lead to negative sentiment and selling pressure in its domestic market the next day. However, the "curse" may be partly attributed to seasonal weakness. Many tournaments are held in June-July, a historically weaker period for stocks ("Sell in May and go away"). The 2022 Qatar World Cup, held in November-December, saw a smaller drop in trading volume compared to summer events, suggesting timing plays a role. The cryptocurrency market's performance during World Cups has been mixed and largely driven by its own major catalysts (e.g., Mt. Gox hack, FTX collapse, halving cycles) rather than the tournament. Investment opportunities have shifted over time. Traditional beneficiaries like TV manufacturers have seen fading returns as streaming platforms become the core viewing channel. Classic consumer plays like beer and sportswear face challenges from changing consumption trends. Newer digital assets, like fractionalized collectible player cards on blockchain, have seen explosive growth. While gambling is a traditional sector, prediction markets are emerging. In conclusion, while a statistical correlation exists, the World Cup's direct impact on markets is likely limited and intertwined with seasonal patterns. With lower liquidity during the event, the simplest strategy for many might be to step back from trading and enjoy the games.

marsbitHace 29 min(s)

Is There Really a "World Cup Curse" in the Market?

marsbitHace 29 min(s)

Trading

Spot
Futuros
活动图片