Ransomware Crooks Are Busier Than Ever — But Making Less Money, Researchers Say

bitcoinistОпубликовано 2026-02-27Обновлено 2026-02-27

Введение

According to a Chainalysis report, ransomware attacks increased by 50% in 2025, with nearly 8,000 incidents recorded. However, total ransom payments fell by 8% to $820 million. This decline is attributed to stricter regulations, improved law enforcement, and more companies refusing to pay. Attackers have shifted focus to small and medium-sized businesses, which pay faster but yield smaller sums. The cost of launching attacks has also decreased significantly, with access to victim systems on the dark web dropping from $1,427 in 2023 to $439 in early 2026. Despite the drop in ransomware revenue, broader crypto crime remains significant, with $370 million stolen in January 2026 alone, mostly through phishing attacks.

The cybercrime business is booming, at least on paper. According to a new report from blockchain analytics firm Chainalysis, the number of ransomware attacks jumped 50% in 2025, with nearly 8,000 separate incidents recorded throughout the year. Yet for all that hustle, hackers walked away with less cash than the year before.

Smaller Targets, Smaller Payouts

Total ransom payments collected in 2025 came in at $820 million — an 8% drop from 2024. Reports say the decline is tied to several factors: tougher rules from regulators, law enforcement cracking down on the networks criminals use to launder money, and a growing number of companies simply refusing to pay.

With big organizations shutting the door, attackers moved on to easier prey. Small and medium-sized businesses became the new focus. “Smaller victims pay faster,” said Corsin Camichel, founder of eCrime.ch, in the Chainalysis report.

But faster doesn’t mean bigger. Those smaller targets yield smaller sums, and that math is catching up with the criminals running these schemes.

Source: Chainalysis

The gap between how many attacks are being claimed publicly and how much money is actually being collected tells its own story. Attackers are filing more claims than ever, yet the money flowing back to them keeps shrinking.

BTCUSD now trading at $67,800. Chart: TradingView

According to Chainalysis, that gap signals something important — the people running these operations are putting in more work for a worse result.

Source: Chainalysis

Ransomware: The Cost Of Breaking In Has Fallen Sharply

Part of what’s fueling the surge in attack numbers is how cheap it has become to launch one. Reports note that the average price for purchasing access to a victim’s system on the dark web fell from $1,427 in early 2023 to just $439 by early 2026.

#CertiKStatsAlert 🚨

Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.

~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.

More details below 👇 pic.twitter.com/uXhi0P6dl5

— CertiK Alert (@CertiKAlert) January 31, 2026

Artificial intelligence tools and an oversupply of ready-made attack software have made it easier for more people to get into the ransomware game.

The result is a crowded field of attackers competing for the same pool of victims — and driving down their own profits in the process. It mirrors what happens in any flooded market. More sellers, same number of buyers, prices fall.

2026 Has Already Seen Major Crypto Losses

Even as ransomware payments trended downward last year, the broader picture of crypto-related crime remains grim. According to cybersecurity firm CertiK, $370 million in crypto was stolen in January 2026 alone through various exploits and scams.

Phishing attacks were responsible for the bulk of those losses, accounting for $311 million of the total. Ransomware may be generating less revenue for its operators, but the wider world of crypto theft is far from slowing down.

Featured image from Unsplash, chart from TradingView

Связанные с этим вопросы

QAccording to the Chainalysis report, what was the percentage increase in ransomware attacks in 2025 and the total number of incidents?

AThe number of ransomware attacks jumped 50% in 2025, with nearly 8,000 separate incidents recorded.

QWhat was the total value of ransom payments collected in 2025 and how does it compare to the previous year?

ATotal ransom payments collected in 2025 came in at $820 million, which is an 8% drop from 2024.

QWhat are the three main factors cited for the decline in ransom payments?

AThe decline is tied to tougher rules from regulators, law enforcement cracking down on money laundering networks, and a growing number of companies refusing to pay.

QHow much did the average price for purchasing access to a victim's system on the dark web fall between early 2023 and early 2026?

AThe average price fell from $1,427 in early 2023 to just $439 by early 2026.

QHow much cryptocurrency was reported stolen in January 2026 by CertiK, and what type of attack was responsible for the majority of those losses?

A$370 million in crypto was stolen in January 2026, with phishing attacks accounting for the bulk of those losses at $311 million.

Похожее

North Korean Hackers Loot $500 Million in a Single Month, Becoming the Top Threat to Crypto Security

North Korean hackers, particularly the notorious Lazarus Group and its subgroup TraderTraitor, have stolen over $500 million from cryptocurrency DeFi platforms in less than three weeks, bringing their total theft for the year to over $700 million. Recent major attacks on Drift Protocol and KelpDAO, resulting in losses of approximately $286 million and $290 million respectively, highlight a strategic shift: instead of targeting core smart contracts, attackers are now exploiting vulnerabilities in peripheral infrastructure. For instance, the KelpDAO attack involved compromising downstream RPC infrastructure used by LayerZero's decentralized validation network (DVN), allowing manipulation without breaching core cryptography. This sophisticated approach mirrors advanced corporate cyber-espionage. Additionally, North Korea has systematically infiltrated the global crypto workforce, with an estimated 100 operatives using fake identities to gain employment at blockchain companies, enabling long-term access to sensitive systems and facilitating large-scale thefts. According to Chainalysis, North Korean-linked hackers stole a record $2 billion in 2025, accounting for 60% of all global crypto theft that year. Their total historical crypto theft has reached $6.75 billion. Post-theft, they employ specialized money laundering methods, heavily relying on Chinese OTC brokers and cross-chain mixing services rather than standard decentralized exchanges. Security experts, while acknowledging the increased sophistication, emphasize that many attacks still exploit fundamental weaknesses like poor access controls and centralized operational risks. Strengthening private key management, limiting privileged access, and enhancing coordination among exchanges, analysts, and law enforcement immediately after an attack are critical to improving defense and fund recovery chances. The industry's challenge now extends beyond secure smart contracts to safeguarding operational security at the infrastructure level.

marsbit15 мин. назад

North Korean Hackers Loot $500 Million in a Single Month, Becoming the Top Threat to Crypto Security

marsbit15 мин. назад

Circle CEO's Seoul Visit: No Korean Won Stablecoin Issuance, But Met All Major Korean Banks

Circle CEO Jeremy Allaire's recent activities in Seoul indicate a strategic shift for the company, moving away from issuing a Korean won-backed stablecoin and instead focusing on embedding itself as a key infrastructure provider within Korea’s financial and crypto ecosystem. Despite Korea accounting for nearly 30% of global crypto trading volume—with a market characterized by high retail participation and altcoin dominance—Circle has chosen not to compete for the role of stablecoin issuer. Instead, Allaire met with major Korean banks (including Shinhan, KB, and Woori), financial groups, leading exchanges (Upbit, Bithumb, Coinone), and tech firms like Kakao. This approach reflects a broader industry transition: the core of stablecoin competition is shifting from issuance rights to systemic positioning. With Korean regulators still debating whether banks or tech companies should issue stablecoins, Circle is avoiding regulatory uncertainty by strengthening its role as a service and technology partner. The company is deepening integration with trading platforms, building connections, and promoting stablecoin infrastructure. This positions Circle to benefit regardless of which entity eventually issues a won stablecoin. Allaire also noted the potential for a Chinese yuan stablecoin in the next 3–5 years, underscoring a regional trend of stablecoins becoming more regulated and integrated with traditional finance. Ultimately, Circle’s strategy highlights that future influence in the stablecoin market will belong not necessarily to the issuers, but to the foundational infrastructure layers that enable cross-system transactions.

marsbit43 мин. назад

Circle CEO's Seoul Visit: No Korean Won Stablecoin Issuance, But Met All Major Korean Banks

marsbit43 мин. назад

SpaceX Ties Up with Cursor: A High-Stakes AI Gambit of 'Lock First, Acquire Later'

SpaceX has secured an option to acquire AI programming company Cursor for $60 billion, with an alternative clause requiring a $10 billion collaboration fee if the acquisition does not proceed. This structure is not merely a potential acquisition but a strategic move to control core access points in the AI era. The deal is designed as a flexible, dual-path arrangement, allowing SpaceX to either fully acquire Cursor or maintain a binding partnership through high-cost collaboration. This "option-style" approach minimizes immediate regulatory and integration risks while ensuring long-term alignment between the two companies. At its core, the transaction exchanges critical AI-era resources: SpaceX provides its Colossus supercomputing cluster—one of the world’s most powerful AI training infrastructures—while Cursor contributes its AI-native developer environment and strong product adoption. This synergy connects compute power, models, and application layers, forming a closed-loop AI capability stack. Cursor, founded in 2022, has achieved rapid growth with over $1 billion in annual revenue and widespread enterprise adoption. Its value lies in transforming software development through AI agents capable of coding, debugging, and system design—positioning it as a gateway to future software production. For SpaceX, this move is part of a broader strategy to evolve from a aerospace company into an AI infrastructure empire, integrating xAI, supercomputing, and chip manufacturing. Controlling Cursor fills a gap in its developer tooling layer, strengthening its AI narrative ahead of a potential IPO. The deal reflects a shift in AI competition from model superiority to ecosystem and entry-point control. With programming tools as a key battleground, securing developer loyalty becomes crucial for dominating the software production landscape. Risks include questions around Cursor’s valuation, technical integration challenges, and potential regulatory scrutiny. Nevertheless, the deal underscores a strategic bet: controlling both compute and software development access may redefine power dynamics in the AI-driven future.

marsbit1 ч. назад

SpaceX Ties Up with Cursor: A High-Stakes AI Gambit of 'Lock First, Acquire Later'

marsbit1 ч. назад

Ripple’s Tokenization Bet: Will XRP Price Explode As It Enters This Trillion-Dollar Industry?

Institutional capital is quietly moving onto the XRP Ledger (XRPL), with over $333 million in tokenized US Treasury products now live from firms like BlackRock-backed Ondo Finance, OpenEden, Guggenheim, and abrdn. This marks a significant shift for XRPL, traditionally known for payments, into the tokenized real-world asset sector. While still a tiny fraction of the $30+ trillion Treasury market, XRPL's tokenized assets grew 2,200% in 2025. Experts project the global tokenization market could reach $200 trillion. If XRPL captures a notable share as this market scales, it could have significant implications for the price of XRP.

bitcoinist2 ч. назад

Ripple’s Tokenization Bet: Will XRP Price Explode As It Enters This Trillion-Dollar Industry?

bitcoinist2 ч. назад

Bitcoin Could Strengthen US National Security, Top Military Commander Says

US lawmakers advocate for domestic Bitcoin mining equipment production, citing national security risks from foreign hardware dependence. Admiral Samuel Paparo, commander of US Indo-Pacific Command, testified to the Senate Armed Services Committee that Bitcoin is a tool for "power projection" and cybersecurity. He emphasized Bitcoin's proof-of-work system as a costly deterrent against network attacks, aligning it with US national power instruments. This echoes earlier military perspectives, like US Space Force's Jason Lowery, who argued Bitcoin's utility beyond finance. The hearing also addressed cyber threats, including North Korea's crypto theft for weapons funding. While the US leads in Bitcoin holdings and mining, reliance on overseas-manufactured mining hardware remains a vulnerability.

bitcoinist4 ч. назад

Bitcoin Could Strengthen US National Security, Top Military Commander Says