Ethical Hacking News
Ransomware payments cratered in 2025, but attacks surged to record highs as smaller groups took center stage, with a notable increase in volume and a relative decrease in payment amounts. The rise of initial access brokers has led to an increase in ransomware attacks and a decrease in payment amounts among those who choose to pay.
The number of publicly claimed victims of ransomware attacks increased by 50% year-over-year in 2025.The median ransom demand surged to $59,556 in 2025, a 376% increase from 2024.Ransomware payments dropped to approximately $820 million in 2025, from $888 million in 2024.Initial access brokers (IABs) received $14 million in on-chain payments in 2025.The rise of IABs enables attackers to gain access to corporate networks, often through compromised vulnerabilities or exploitation of existing weaknesses.Developed economies, particularly the US, Canada, Germany, and Western Europe, are disproportionately targeted by ransomware attacks.
In a recent report by Chainalysis, titled "Ransomware Payments Cratered in 2025, But Attacks Surged to Record Highs," we find ourselves at the precipice of an unprecedented era in cybersecurity. The past year has witnessed a paradigmatic shift in the way ransomware attacks are executed, with a notable increase in the volume of incidents and a relative decrease in payment amounts.
The report reveals that despite the decrease in total payments, which dropped to approximately $820 million in 2025, from $888 million in 2024, the number of publicly claimed victims increased by 50 percent year-over-year. This upward trend is indicative of an evolving threat landscape where smaller, opportunistic groups are taking center stage.
The median ransom demand surged to $59,556 in 2025, a staggering increase from $12,738 in 2024. The rise in ransom demands has been attributed to the increasing sophistication and reach of these attacks. Attackers have become more adept at targeting high-value targets, including major corporations and government institutions.
Furthermore, Chainalysis found that initial access brokers (IABs) – middlemen who sell ready-made footholds into corporate networks – received a staggering $14 million in on-chain payments in 2025. This figure is minuscule compared to the ransomware haul of $820 million but underscores a critical aspect of the evolving threat landscape: the rise of IABs.
IABs serve as a crucial link between attackers and their targets. They enable attackers to gain access to corporate networks, often through compromised vulnerabilities or exploitation of existing weaknesses. The 30-day lag observed between spikes in IAB payments and increases in ransomware payments and US victim leak posts highlights the complex dynamics at play. Access is bought, and a few weeks later, someone's name appears on a leak site.
The Chainalysis report also sheds light on the victims of these attacks. Developed economies are squarely in the crosshairs, with the United States leading the pack, followed closely by Canada, Germany, the UK, and Western Europe. Manufacturing, financial, and professional services have been particularly targeted, with attackers showing a predilection for supply chains, logistics networks, and critical infrastructure.
In addition to these findings, Chainalysis offers valuable insights into the modus operandi of ransomware gangs and IABs. The rise of IABs has led to an increase in the volume of ransomware attacks, as well as a decrease in payment amounts among those who choose to pay. This trend suggests that ransomware is shifting from its traditional role as a singular, high-stakes enterprise to a more nuanced form of cybercrime.
The Chainalysis report underscores the need for a multifaceted approach to address this evolving threat landscape. Cybersecurity professionals, policymakers, and individuals must work together to develop and implement effective countermeasures against these sophisticated attacks.
As we navigate this ever-changing cybersecurity landscape, it is essential that we recognize the complex interplay between attackers, their tools, and the systems they target. The Chainalysis report serves as a poignant reminder of the importance of vigilance, proactive threat hunting, and robust incident response strategies.
In conclusion, ransomware's evolution into a more dynamic and sophisticated threat has significant implications for cybersecurity professionals and organizations worldwide. As we move forward, it is crucial that we continue to monitor and analyze these trends, developing effective countermeasures to mitigate the impact of these increasingly complex attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Ransomwares-Evolution-Shifting-Threat-Landscape-and-Increasing-Volume-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/27/ransomware_chainalysis/
https://www.theregister.com/2026/02/27/ransomware_chainalysis/
https://www.chainalysis.com/blog/crypto-ransomware-2026/
Published: Fri Feb 27 12:41:52 2026 by llama3.2 3B Q4_K_M
