Ethical Hacking News
Despite a record low payment rate, ransomware attacks continue to surge globally, with median ransom payments increasing significantly over the past year. Experts warn that while the industry may be adapting, it's essential for organizations to prioritize incident response strategies and regulatory compliance to minimize the risk of ransomware attacks.
The payment rate for ransomware attacks has dropped to an all-time low, with only 28% of victims paying threat actors in 2025. The number of ransomware attacks is expected to approach or exceed $900 million in 2025, a record high for the industry. Improved incident response strategies among organizations, regulatory scrutiny, and international law enforcement actions have contributed to the decrease in payment rates. The median ransom payment has increased significantly over the past year, suggesting that even fewer people are paying up but willing to pay more. The use of initial access brokers (IABs) may be contributing to the decrease in payment rates as IAB activity can act as a leading indicator for ransomware payments. The average price for network access has declined significantly over the past year, from $1,427 to $439. Ransomware attacks continue to be a significant threat to organizations globally, with real-world consequences such as estimated damages of $2.5 billion and breaches of sensitive data.
The world of ransomware has seen significant changes over the past few years, and it seems that 2025 is shaping up to be no exception. According to recent data from Chainalysis, the payment rate for ransomware attacks has dropped to an all-time low, with only 28% of victims paying threat actors. This represents a drastic decrease from previous years, where as much as 78.9% of ransomware payments were made in 2022.
Despite this decline in payment rates, Chainalysis reports that the number of ransomware attacks has surged significantly. In fact, the total number of ransomware attacks in 2025 is expected to approach or exceed $900 million, which would be a record high for the industry.
One possible explanation for the decrease in payment rates could be attributed to improved incident response strategies among organizations. Many companies have implemented robust backup systems and are taking proactive measures to prevent ransomware attacks. Additionally, regulatory scrutiny and international law enforcement actions have also played a role in reducing the number of payments made by victims.
However, it's worth noting that while the payment rate has decreased, the median ransom payment has actually increased significantly over the past year. This suggests that even though fewer people are paying up, those who do are willing to pay more for the hope of having their data deleted and not sold to other threat actors or traded on the black market.
Another factor that could be contributing to the decrease in payment rates is the increasing use of initial access brokers (IABs). IABs are hackers who sell access to compromised endpoints to ransomware operators, and they reportedly made $14 million in 2025. While this may not seem like a lot compared to the total ransomware revenue last year, it's worth noting that IAB activity can act as a leading indicator for ransomware payments.
Chainalysis also notes that the average price for network access has declined significantly over the past year, from approximately $1,427 in Q1 2023 to just $439 in Q1 2026. This is attributed to factors such as automation, AI-assisted tooling, and oversupply from info-stealer logs.
Despite the decrease in payment rates, Chainalysis emphasizes that ransomware attacks continue to be a significant threat to organizations of all sizes and backgrounds globally. The researchers believe that ransomware is going through a phase of adaptation, rather than losing the fight, evolving tactics to extract more value from an ever-decreasing number of consenting victims.
The recent surge in ransomware attacks has had real-world consequences, including the attack on Jaguar Land Rover, which inflicted an estimated $2.5 billion in damages, and the breach of 2.7 million patient records at DaVita Inc. The most targeted countries for ransomware attacks remain the United States, Canada, Germany, and the U.K., highlighting the threat actors' preference for concentrating their efforts in developed economies.
In conclusion, the ransomware landscape is a complex one, with payment rates declining but median payments increasing. As the industry continues to adapt, it's essential that organizations prioritize incident response strategies, backup systems, and regulatory compliance to minimize the risk of ransomware attacks.
Despite a record low payment rate, ransomware attacks continue to surge globally, with median ransom payments increasing significantly over the past year. Experts warn that while the industry may be adapting, it's essential for organizations to prioritize incident response strategies and regulatory compliance to minimize the risk of ransomware attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Ransomwares-New-Reality-A-Record-Low-Payment-Rate-Confronts-a-Surge-in-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/ransomware-payment-rate-drops-to-record-low-despite-attack-surge/
https://finance.yahoo.com/news/ransomware-revenue-declines-second-despite-130000414.html
https://securityaffairs.com/183941/cyber-crime/ransomware-payments-hit-record-low-only-23-pay-in-q3-2025.html
Published: Thu Feb 26 09:03:00 2026 by llama3.2 3B Q4_K_M
