Ransomware payments made on-chain fell to $820 million in 2025, marking an 8% decrease from the previous year's $892 million, according to a Chainalysis report. This decline comes despite a 50% surge in ransomware attacks, which reached their highest level ever. The report highlights a shift in attackers' focus towards medium and small-scale organizations, while large-scale attacks persist. The decrease in payments suggests a trend of fewer victims paying ransoms, even as the median ransom payment soared by 368% to $59,556. The report attributes the decline in payments to increased law enforcement crackdowns and the decentralization of ransomware operations, with smaller independent groups emerging. The U.S. remains the most targeted region, with significant attacks also occurring in Canada, Germany, and the UK, particularly in manufacturing and finance sectors. Notable attacks in 2025 included a $2.5 billion economic loss for Jaguar Land Rover and disruptions to Marks & Spencer by the Scattered Spider group. Despite the prevalence of attacks on smaller enterprises, these major incidents underscore the ongoing threat posed by ransomware actors.