Central Intelligence
Central IntelligenceSIGNAL FROM NOISE
Last Update: 04/05/2026 at 2:50 PM EST

Ransomware Attacks Rise as Payments Fall

Coverage from BleepingComputer, integrity360, and others

Articles

10

Latest Article

04/03

Active Days

93

Executive Summary

Ransomware incidents surged in 2025, but fewer victims paid as defenses improved and criminals shifted tactics across more active groups

  • Ransomware incidents rose 50 percent in 2025, but payment rates fell to 28 percent
  • Chainalysis said the median ransom payment jumped from 12738 USD to 59556 USD
  • US businesses were the top target, with activity also in Canada, Germany, and the UK
  • Active extortion groups increased to 85, showing a broader and more fragmented ecosystem
  • Improved incident response and regulatory pressure helped reduce ransom payments
  • S-RM said ransomware groups are shifting toward encryption driven extortion and data theft
  • S-RM found 67 distinct groups and a sharp rise in Asia-Pacific incidents

Quick Facts

  • What: Attacks increased while victim payment rates declined
  • Where: Mainly the United States with activity in Europe and Asia-Pacific
  • Why: Better defenses, regulatory pressure, and evolving extortion tactics
  • Who: Ransomware groups and targeted organizations worldwide
  • When: During 2025 according to Chainalysis and S-RM reports

Coverage Timeline: 93 Days

1Jan 1 '261Feb 91Feb 131Feb 202Feb 261Feb 271Mar 51Mar 171Apr 3 '26

Featured Article

TechRadar / Sead 02-27-2026
Ransomware Payments Drop To Record Low, Even As Attacks Surge
Chainalysis reports in 2025 ransomware incidents rose by 50 percent, with US based targets and international activity, while payments declined and extortion groups expanded.

Additional Articles

⭐⭐⭐⭐⭐

BleepingComputer 04-03-2026
Multi-Extortion Ransomware Attacks
In February 2026, University of Mississippi Medical Center ransomware disrupted Epic electronic health records across 35 clinics and 200+ telehealth sites while illustrating double and triple extortion tactics.

⭐⭐⭐

integrity360 / Matthew Olney 02-09-2026
The Reality Of Ransomware
Ransomware operators in 2026 are expanding extortion tactics worldwide by combining data theft, DDoS, insider recruitment and gig-worker misuse to pressure organisations.
IT Brew / Billy Hurley 02-13-2026
Even Ransomware Actors Tire Of Complicated Encryption
Ransomware actors shift from encryption to data exfiltration in late 2025, prompting updated breach response and detection practices.

⭐️⭐️

JD Supra 03-17-2026
Key Takeaways From The S-RM Cyber Incident Insights Report 2026
S-RM reports in 2025 that ransomware incidents grew globally, with 67 groups and Asia-Pacific surges, while United States organizations remained primary targets.
BleepingComputer / Bill Toulas 02-26-2026
Ransomware Payment Rate Drops To Record Low As Attacks Surge
Ransomware victims pay less often in 2025, but larger sums across the United States, Canada, Germany, and the United Kingdom.
BleepingComputer / Bill Toulas 02-26-2026
Ransomware Payment Rate Drops To Record Low As Attacks Surge
Chainalysis reports 2025 on chain ransomware payments near 820 million USD, 28 percent victim payment rate, and 85 active extortion groups worldwide.
Security Boulevard / Beth Osborne 03-05-2026
Hackers Pivot To Ransomware Encryption Model As Data Theft Has Become Less Profitable
Ransomware groups shift to encryption driven extortion as organizations worldwide harden breach resilience in the 2020s
BlackFog / Rebecca Harpur 01-01-2026
The State of Ransomware 2026
Ransomware groups attack healthcare, universities, manufacturers, and government sectors in February 2026; the United States reports the highest incident count.
CYFIRMA 02-20-2026
20 February 2026
Ransomware campaigns and data breach events threaten enterprise privacy and require enhanced breach prevention.