Ransomware Incidents Surge 50% in 2025 While On‑Chain Ransom Payments Fall to $820M

Chainalysis reports a 50% rise in ransomware leak events in 2025, approaching 8,000 incidents, even as documented on‑chain ransom payments declined 8% year‑over‑year to $820 million. The shift reflects attackers moving from a few high‑profile victims to many small and medium enterprises and increased use of cheaper ransomware‑as‑a‑service (RaaS), infostealer logs and AI‑assisted tooling that lower entry barriers and boost attack volume. At the same time, improved enforcement, stricter regulations, better corporate defenses, and a falling dark‑web “price for victim access” (from $1,427 in early 2023 to $439 by early 2026) have reduced visible on‑chain payment flows. Chainalysis and related reports note higher median ransom demands (driven by targeted “big‑game hunting”, triple‑extortion tactics and greater reconnaissance) even though aggregate traceable payments are lower; privacy coins and off‑chain settlements likely mean the $820M figure is a lower bound. The coverage also flags a spike in crypto exploits and scams in early 2026 (CertiK reported $370.3M stolen in January, mainly via phishing), underscoring persistent counterparty and security risks for traders. For crypto traders: expect elevated systemic cyber‑risk to corporates and critical sectors, potential short‑term volatility around high‑profile breaches or major crypto exploits, and continued regulatory and compliance pressure that may affect on‑ramp/off‑ramp flows, exchange scrutiny and liquidity.