Ethical Hacking News
Ransomware payments have reached a record low, with only 23% of ransomware victims paying attackers in Q3 2025. The decline is attributed to the growing maturity among enterprises and cyber response teams, as well as the increasing sophistication of security measures. However, experts caution that the growing automation of attacks and AI will make it challenging to completely eliminate criminal activity. As the cyber extortion economy continues to evolve, businesses must remain vigilant and proactive in preventing these types of incidents.
Key points from the report:
Ransomware payment rates fell to a record low of 23% in Q3 2025.
The average ransom payment dropped to $376,941 (down 66% from Q2) and the median fell to $140,000 (down 65%).
Large firms are refusing to pay ransoms because payment rarely stops data leaks.
A high-volume, low-demand strategy by groups like Akira and Qilin is proving effective against mid-sized firms, which receive smaller demands.
The cyber extortion economy's success rate is contracting; continued joint efforts from defenders, law enforcement, and industry are needed to sustain that progress.
Mid-sized companies tend to pay smaller ransoms because large sums are unaffordable and their operations are easier to disrupt.
Attackers are still using common entry points such as remote access compromise, phishing, and software vulnerabilities.
The median size of enterprises impacted by a cyber extortion incident was 362 employees in Q3 2025.
Cybersecurity firm Coveware has released its latest report, detailing the trend of ransomware payments over Q3 2025. The data reveals that only 23% of ransomware victims paid attackers during this period, marking a record low and continuing a six-year decline in payment rates.
The average ransom payment dropped to $376,941 in Q3 2025 (down 66% from Q2), while the median fell to $140,000 (down 65%). Large firms are refusing to pay, realizing that ransoms rarely stop data leaks. Instead, groups like Akira and Qilin target mid-sized firms with smaller, more frequent demands, using a high-volume, low-demand strategy that's proving more effective against less resilient victims.
"Ransom payment rates across all impact scenarios — encryption, data exfiltration, and other extortion — fell to a historical low of 23% in Q3 2025," the report reads. "This continuation of the long-term downward trend is something all industry participants should take a moment to reflect on: that cyber extortion's overall success rate is contracting."
Experts see the drop in ransom payments as evidence of progress, each avoided payment cutting off attackers' Bitcoin 'oxygen.' Continued joint efforts from defenders, law enforcement, and industry can further shrink the cyber extortion economy to zero. However, it's also argued that the growing automation of attacks and the level of sophistication achieved through AI will make it difficult to completely eliminate criminal activity.
In Q3 2025, Coveware observed that ransom payments in data exfiltration-only attacks dropped to a record low of 19%, despite a surge in such incidents. The decline reflects growing maturity among enterprises and cyber response teams, especially privacy attorneys. Paying to suppress data leaks is now widely discouraged, as even 'nuisance payments' sustain the extortion economy and conflict with best practices.
Mid-sized companies tend to pay smaller ransoms after attacks because they can't afford large sums and are easier to disrupt. Ransomware groups like Akira and Qilin exploit this with a high-volume, low-demand strategy.
In Q3 2025, attackers kept using the same main entry points — remote access compromise, phishing, and software vulnerabilities — that have been exploited in previous attacks. Remote access made up over half of incidents, driven by weak credentials and poor configuration hygiene. Social engineering often merged with technical access, as attackers tricked staff into granting entry.
The attackers remained opportunistic, exploiting easy entry points like unpatched systems, exposed remote access, and stolen credentials. They targeted scale and weak configurations over specific industries. If ransomware-as-a-service actors shift to more targeted attacks, future data will reveal that trend.
"The median company size of enterprises impacted by a cyber extortion incident was 362 employees (up 27% from Q2 2025) in Q3 2025," the report concludes. "The fact that payment frequency and payment amounts are down — a notable paradox that challenges the 'big game hunting' assumption that larger targets guarantee bigger payouts." This suggests that while attackers may invest more to reach larger organizations, the return on investment is not assured.
In other news, TP-Link has urged immediate updates for its Omada Gateways after discovering critical flaws. Meanwhile, PhantomCaptcha targeted Ukraine relief groups with a WebSocket RAT in October 2025, and a cyberattack on Jaguar Land Rover inflicted a $2.5B loss on the UK economy.
In light of these recent events, cybersecurity experts emphasize the need for vigilance and proactive measures to prevent cyber extortion attacks. Businesses must prioritize robust security measures, including regular software updates, multi-factor authentication, and employee training.
Related Information:
https://www.ethicalhackingnews.com/articles/Ransomware-Payments-Reach-a-Record-Low-A-Decline-in-Payment-Rates-Amidst-Ongoing-Efforts-to-Combat-Cyber-extortion-ehn.shtml
https://securityaffairs.com/183941/cyber-crime/ransomware-payments-hit-record-low-only-23-pay-in-q3-2025.html
https://www.securityweek.com/ransomware-payments-dropped-in-q3-2025-analysis/
Published: Tue Oct 28 06:37:27 2025 by llama3.2 3B Q4_K_M