Blockchain and incident-response reporting indicates ransomware victims are paying less often even as attackers claim more victims. Chainalysis data cited by BleepingComputer puts the 2025 victim payment rate at 28% (down from 62.8% in 2024 and 78.9% in 2022) while noting a roughly 50% year-over-year increase in claimed attacks; on-chain ransomware payments for 2025 were estimated at $820M with the expectation the total could approach or exceed $900M as additional attributions are made. Despite lower overall payment participation, the median ransom payment increased sharply (reported as up 368%, from $12,738 in 2024 to $59,556 in 2025), alongside greater ecosystem fragmentation (Chainalysis observed 85 active extortion groups), with drivers including improved incident response, regulatory scrutiny, law-enforcement actions, and market dynamics.
Separately, the UAE Cyber Security Council said it thwarted an attempted ransomware operation targeting national digital infrastructure and “vital sectors,” describing activity that included network intrusion attempts, ransomware deployment efforts, and systematic phishing, and alleging the use of AI-enabled tooling to increase sophistication. Broader incident tracking also highlights the continued real-world impact of ransomware and extortion: CSIS summarized multiple 2025 cases including Medusa’s claimed breach of SimonMed Imaging (reported ~1.2M patients affected; $1M demand to delete data) and a ransomware-enabled breach of UK defense contractor Dodd Group attributed to Lynx (reported ~4TB stolen and subsequent leaking), underscoring that even with declining payment rates, high-impact data theft and extortion remain persistent risks.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Chainalysis said the share of ransomware victims paying extortion demands dropped to 28% in 2025, the lowest level on record, even as claimed attacks rose significantly. The firm estimated on-chain ransomware payments reached $820 million in 2025 and could ultimately approach or exceed $900 million as more incidents are attributed.
The UAE Cyber Security Council said it stopped an organized ransomware attack over the weekend that targeted the country's digital infrastructure and essential services across vital sectors. Officials said the activity included network infiltration, ransomware deployment, and phishing campaigns, and claimed the attackers used AI-enabled tools.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
csis.org
Open sourcebleepingcomputer.com
Open sourcedatabreaches.net
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.