Full Report
Ransomware payments stagnated despite record attacks claimed. Total on-chain ransomware payments fell by approximately 8% to $820 million in 2025, even as claimed attacks rose 50%. Median ransom payment size increased significantly. While aggregate revenue stagnated, the median ransom payment grew 368% year-over-year to nearly $60,000. Initial Access Broker (IAB) activity can serve as a leading indicator; on-chain analysis indicates that spikes in IAB inflows typically precede increases in ransomware payments and victim leaks by roughly 30 days.
Analysis Summary