Ransomware Attacks Hit Record Highs While Profits Plummet — Here’s Why Criminals Are Working Harder for Less
Ransomware gangs are launching more attacks than ever before—but their illicit earnings are shrinking dramatically. New research reveals a surprising twist in the digital extortion economy.
The Volume Paradox
Attack frequency has skyrocketed. More businesses, hospitals, and municipalities face encryption locks daily. Yet the average ransom payment has dropped sharply. Criminals flood the zone but catch fewer big fish.
Defense Gets Smarter
Companies now treat ransomware as inevitable. Robust backups, air-gapped systems, and rapid recovery protocols cut the leverage. Why pay when you can restore in hours? Insurance policies increasingly refuse to cover ransom payments too.
The Crypto Trail Burns
Blockchain analytics firms track Bitcoin and Monero movements with chilling precision. Law enforcement seizes wallet keys mid-ransom. Tumbling services get compromised. That anonymous crypto payout isn't so anonymous anymore.
Too Many Cooks, Not Enough Kitchens
The ransomware-as-a-service model democratized crime. Low-skilled affiliates now outnumber elite operators. They hit smaller targets, demand modest sums, and trigger alerts—diluting the whole ecosystem's profitability.
The Bottom Line
Digital extortion has become a volume business with shrinking margins. Criminals work overtime for diminishing returns—almost like a dystopian gig economy, but with more felony charges. Maybe they should try traditional finance; the returns are worse but at least it's legal.
Smaller Targets, Smaller Payouts
Total ransom payments collected in 2025 came in at $820 million — an 8% drop from 2024. Reports say the decline is tied to several factors: tougher rules from regulators, law enforcement cracking down on the networks criminals use to launder money, and a growing number of companies simply refusing to pay.
With big organizations shutting the door, attackers moved on to easier prey. Small and medium-sized businesses became the new focus. “Smaller victims pay faster,” said Corsin Camichel, founder of eCrime.ch, in the Chainalysis report.
But faster doesn’t mean bigger. Those smaller targets yield smaller sums, and that math is catching up with the criminals running these schemes.
The gap between how many attacks are being claimed publicly and how much money is actually being collected tells its own story. Attackers are filing more claims than ever, yet the money flowing back to them keeps shrinking.
According to Chainalysis, that gap signals something important — the people running these operations are putting in more work for a worse result.
Ransomware: The Cost Of Breaking In Has Fallen Sharply
Part of what’s fueling the surge in attack numbers is how cheap it has become to launch one. Reports note that the average price for purchasing access to a victim’s system on the dark web fell from $1,427 in early 2023 to just $439 by early 2026.
#CertiKStatsAlert
Combining all the incidents in January we’ve confirmed ~$370.3M lost to exploits.
~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.
More details below
pic.twitter.com/uXhi0P6dl5
— CertiK Alert (@CertiKAlert) January 31, 2026
Artificial intelligence tools and an oversupply of ready-made attack software have made it easier for more people to get into the ransomware game.
The result is a crowded field of attackers competing for the same pool of victims — and driving down their own profits in the process. It mirrors what happens in any flooded market. More sellers, same number of buyers, prices fall.
2026 Has Already Seen Major Crypto LossesEven as ransomware payments trended downward last year, the broader picture of crypto-related crime remains grim. According to cybersecurity firm CertiK, $370 million in crypto was stolen in January 2026 alone through various exploits and scams.
Phishing attacks were responsible for the bulk of those losses, accounting for $311 million of the total. Ransomware may be generating less revenue for its operators, but the wider world of crypto theft is far from slowing down.
Featured image from Unsplash, chart from TradingView
