Indonesian Political, Business & Finance News

Online Account Thieves Proliferate, $13 Trillion in Funds Vanishes Instantly

| Source: CNBC Translated from Indonesian | Regulation
Online Account Thieves Proliferate, $13 Trillion in Funds Vanishes Instantly
Image: CNBC

Jakarta — Online thieves draining bank accounts are becoming increasingly prevalent in 2025. Ransomware attacks — which involve theft and data encryption to demand ransom payments — have reportedly surged by up to 50%.

Ransomware activity in 2025 is described as the most active ever recorded. However, there is another phenomenon emerging: victims are increasingly reluctant to pay ransoms.

Ransom payments to perpetrators reached over $820 million (Rp13.9 trillion) in on-chain payments. This figure represents a slight 8% decline from the previous year’s $892 million (Rp15 trillion).

Chainalysis estimates total payments are likely higher, at approximately $900 million (Rp15.2 trillion), as not all attacks and ransom payments are recorded.

Based on the dynamics of increasing attacks and stable total payments, the percentage of ransom payments has reached its lowest point this year at 28%.

According to eCrime.ch, attacks are increasingly targeting small and medium enterprises, as victims in these sectors tend to pay ransom demands more quickly.

“However, Chainalysis data shows that payments tend to decline despite public claims reaching an all-time record. This difference is significant, indicating that attackers are working harder to achieve diminishing returns,” explained eCrime.ch founder Corsin Camichel, as cited by Chainalysis.

According to Chainalysis, the overall lower payment figures demonstrate increased regulatory response and enhanced oversight. This has helped reduce the frequency of ransom payments for ransomware attacks.

Restrictions on various revenue streams have been successfully implemented through international action against ransomware operators, infrastructure, and money laundering networks.

Additionally, the emergence of variants such as Volklocker in certain cases has disrupted some ransomware variants. This variant is known for its cryptographic weaknesses and allows free decryption in some cases.

The report also notes a shift towards more decentralised and fluid cybercriminal activities. This makes attribution, response, and long-term tracking increasingly important.

View JSON | Print