- Chainalysis finds that ransomware incidents increased 50% in 2025, extortion amounted to about 820 million.
- The payout rate fell to 28%, down from 62.8% in 2024 and 78.9% in 2022
- The average ransom increased by 368% to $59,556
Ransomware groups have never been more active, but also never extorted this much money, new research has claimed.
Market analysts Chainalysis found that in 2025, the number of ransomware incidents increased by 50% compared to the previous year, earning criminals $820 million – although this number could still rise as more incidents are attributed to ransomware attacks.
The increase in successful attacks should automatically translate into higher payouts, but it didn’t — and in fact, Chainalysis says the number of payouts remained relatively flat, meaning in absolute terms that there were actually far fewer companies paying ransomware attackers.
That said, the researchers believe the number of ransomware victims who actually paid dropped to almost a quarter (28%). This means that for the fourth year in a row, companies have paid less and less to cybercriminals.
In 2024, the payment rate was 62.8%, and a few years before – in 2022 – it was 78.9%.
There are several reasons for this trend, the researchers further explain, saying that improved incident response and increased regulatory scrutiny played a large role.
Then there are effective international actions against ransomware operators, infrastructure and money laundering, which certainly limited “some revenue failures”. Finally, mistakes on the part of the criminals, such as the VolkLocker vulnerability that allowed free decryption, lifted some of the pressure from the victims.
But it seems that hackers don’t really want to work harder, so of those who pay – they demand more. Chainalysis says the average ransom payment increased 368% year-over-year, from $12,738 in 2024 to $59,556 in 2025.
Despite the somewhat bleak outlook, ransomware does not seem to be losing its popularity in the criminal underworld. The report says there are currently 85 active extortion groups, far more than in previous years. Crooks were most active against US companies, but also those in Canada, Germany and the UK.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
