Payments to victims from hackers fell to an all‑time low, even as the number of attacks rose sharply.

Summary of Chainalysis report on the state of cybercrime in 2025

Metric Value Comment
Percentage of victims who paid ransom 28 % (a nearly four‑fold decrease) Lowest historical level despite an increase in attacks.
Total blockchain payouts for 2025 $820 million Projected to approach $900 million with new events and payments.
Increase in number of attacks compared to 2024 +50 % Payments remain stable.
Average ransom amount $59,556 (in 2025) Grew by 368 % from $12,738 in 2024, as confirmed by Coveware data.

What changed in the cybercrime ecosystem
1. Improved response
- Incidents are detected and mitigated faster, reducing payouts.
2. Regulatory pressure
- Heightened oversight by government agencies makes offender operations more difficult.
3. International law‑enforcement efforts
- Cross‑border cooperation helps expose and arrest key actors.
4. Market fragmentation
- In 2025, active extortion groups numbered 85, unlike the previously dominant RaaS platforms.

Major incidents in 2025
Company Damage Group attacking
Jaguar Land Rover ≈ $2.5 million – Marks & Spencer – Scattered Spider
DaVita 2.7 million medical records

Geography of attacks
- Heaviest country: United States
- Next most frequent: Canada, Germany, United Kingdom

This confirms a trend toward focusing on developed markets.

Role of primary access brokers (IAB)
Metric Value
IAB revenue in 2025 $14 million (~1.7 % of total revenue)
Average price per access Decreased from $1,427 (Q1 2023) to $439 (Q1 2026)

*Idea:* IAB activity precedes spikes in payouts and victim reports by about 30 days, making them a potential indicator of future attacks.

Final conclusion from Chainalysis
- Payment transactions are declining, but the scale, sophistication, and real impact of cyberattacks are increasing.
- Ransom programs are in an adaptation phase: they develop new tactics to maximize gains even from fewer paying victims.

Thus, although financial losses have decreased over recent years, cybercrime continues to evolve and remain a serious threat to organizations of all sizes.