A surprising trend has emerged in the world of ransomware, where the number of victims paying threat actors has dropped to a record low, despite a significant increase in the number of claimed attacks. According to blockchain intelligence platform Chainalysis, the percentage of ransomware victims paying threat actors has declined to 28% in 2025, an all-time low.
This downward trend has been observed for the past four consecutive years by Chainalysis, which tracks on-chain ransomware payments. The total of on-chain ransomware payments in 2025 stands at $820 million, but the company notes that "the 2025 total is likely to approach or exceed $900 million as we attribute more events and payments."
The data from Chainalysis reveals a relative stability in the total number of payments, despite a 50% increase in ransomware attacks year-over-year. This raises questions about the strategies employed by attackers and the effectiveness of their tactics.
In 2024, the payment rate recorded by Chainalysis was more than double, at 62.8%, while in 2022, it was at 78.9%. The steady decline in victim payment rates has been confirmed by other reports, including those from Coveware, which showed a similar trend throughout 2025.
Several factors may have contributed to the decline in ransomware payments. One possible explanation is that organizations are becoming more resilient and prepared to respond to ransomware attacks, with many having implemented robust backup systems and incident response plans. This could make it more difficult for attackers to extort payments from victims.
Another factor may be the increasing scrutiny of ransomware payments by law enforcement and regulatory bodies. In recent years, there has been a growing effort to disrupt ransomware gangs and hold them accountable for their actions. This may have led to a decrease in the number of successful ransomware attacks and a decline in the willingness of victims to pay.
The decline in ransomware payments also raises questions about the economic viability of ransomware as a business model. If victims are increasingly unwilling to pay, it may become less profitable for attackers to launch ransomware attacks. This could lead to a shift in tactics, with attackers exploring other forms of cybercrime.
However, it's also possible that the decline in ransomware payments is a temporary trend, and that attackers will adapt and evolve their tactics to continue extorting payments from victims. As the threat landscape continues to evolve, it's essential to remain vigilant and proactive in preventing and responding to ransomware attacks.
In conclusion, the decline in ransomware payments is a significant development that raises important questions about the strategies employed by attackers and the effectiveness of their tactics. As the threat landscape continues to evolve, it's essential to remain vigilant and proactive in preventing and responding to ransomware attacks.
Sources:
Chainalysis, Coveware
A surprising trend has emerged in the world of ransomware, where the number of victims paying threat actors has dropped to a record low, despite a significant increase in the number of claimed attacks. According to blockchain intelligence platform Chainalysis, the percentage of ransomware victims paying threat actors has declined to 28% in 2025, an all-time low.
This downward trend has been observed for the past four consecutive years by Chainalysis, which tracks on-chain ransomware payments. The total of on-chain ransomware payments in 2025 stands at $820 million, but the company notes that "the 2025 total is likely to approach or exceed $900 million as we attribute more events and payments."
The data from Chainalysis reveals a relative stability in the total number of payments, despite a 50% increase in ransomware attacks year-over-year. This raises questions about the strategies employed by attackers and the effectiveness of their tactics.
In 2024, the payment rate recorded by Chainalysis was more than double, at 62.8%, while in 2022, it was at 78.9%. The steady decline in victim payment rates has been confirmed by other reports, including those from Coveware, which showed a similar trend throughout 2025.
Several factors may have contributed to the decline in ransomware payments. One possible explanation is that organizations are becoming more resilient and prepared to respond to ransomware attacks, with many having implemented robust backup systems and incident response plans. This could make it more difficult for attackers to extort payments from victims.
Another factor may be the increasing scrutiny of ransomware payments by law enforcement and regulatory bodies. In recent years, there has been a growing effort to disrupt ransomware gangs and hold them accountable for their actions. This may have led to a decrease in the number of successful ransomware attacks and a decline in the willingness of victims to pay.
The decline in ransomware payments also raises questions about the economic viability of ransomware as a business model. If victims are increasingly unwilling to pay, it may become less profitable for attackers to launch ransomware attacks. This could lead to a shift in tactics, with attackers exploring other forms of cybercrime.
However, it's also possible that the decline in ransomware payments is a temporary trend, and that attackers will adapt and evolve their tactics to continue extorting payments from victims. As the threat landscape continues to evolve, it's essential to remain vigilant and proactive in preventing and responding to ransomware attacks.
In conclusion, the decline in ransomware payments is a significant development that raises important questions about the strategies employed by attackers and the effectiveness of their tactics. As the threat landscape continues to evolve, it's essential to remain vigilant and proactive in preventing and responding to ransomware attacks.
Sources:
Chainalysis, Coveware