Ethical Hacking News
Ransomware's Profitability Plummets as Victims Refuse to Pay
In a significant turn of events, ransomware threat actors have witnessed a substantial decline in their profits over the past six years. According to Coveware, only 23% of breached companies were willing to pay ransomware threats in Q3 2025, representing an all-time low. The shift in tactics and the increased pressure from authorities have contributed to this decline, with more than 76% of attacks now involving data exfiltration. Learn more about the changing landscape of ransomware attacks and how organizations can prepare for future threats.
The payment percentage for ransomware victims has reached an all-time low, with only 23% willing to pay in Q3 2025.The decline is attributed to stronger protections and pressure from authorities on victims not to pay.Ransomware tactics have shifted towards data exfiltration (76% of attacks), double extortion (data theft and public leak threat).Payment rates have plummeted to 19% for non-encrypting, data-stealing attacks.The average ransomware payment fell to $377,000 in Q3 2025 compared to the previous quarter.Remote access compromise and software vulnerabilities are becoming more prevalent attack vectors.
In a significant turn of events, ransomware threat actors have witnessed a substantial decline in their profits over the past six years. According to Coveware, a leading cybersecurity firm that tracks and analyzes ransomware attacks, the payment percentage for victims who give in to attackers' demands has reached an all-time low.
The data collected by Coveware reveals that as of the third quarter of 2025, only 23% of breached companies were willing to pay ransomware threats. This represents a significant decrease from the first quarter of 2024, where the payment percentage was 28%. Although it increased over the next period, it continued to drop, reaching an all-time low in Q3 2025.
Coveware attributes this decline in payment resolution rates to the implementation of stronger and more targeted protections against ransomware by organizations. Moreover, authorities have been increasing pressure on victims not to pay the hackers. The company's CEO, Brett Goldstein, states, "Cyber defenders, law enforcement, and legal specialists should view this as validation of collective progress." He further emphasizes that "the work that gets put in to prevent attacks, minimize the impact of attacks, and successfully navigate a cyber extortion — each avoided payment constricts cyber attackers of oxygen."
The shift in ransomware tactics has also been notable. According to Coveware, more than 76% of the attacks it observed in Q3 2025 involved data exfiltration, which is now the primary objective for most ransomware groups. This trend suggests that threat actors have moved away from pure encryption attacks and are instead focusing on double extortion, which involves data theft and the threat of a public leak.
When Coveware isolates the attacks that do not encrypt the data and only steal it, the payment rate plummets to 19%, which is also a record for that sub-category. The average and median ransomware payments fell in Q3 compared to the previous quarter, reaching $377,000 and $140,000, respectively.
The rise of remote access compromise as the leading attack vector, alongside a significant increase in the use of software vulnerabilities, has been another notable trend over the past year. Coveware believes that diminishing profits are driving ransomware gangs to greater precision and that larger enterprises will be increasingly targeted as profit margins continue to shrink.
Threat actors are likely to rely more on social engineering and insider recruitment, offering large bribes for help gaining initial access. This shift in tactics highlights the evolving nature of ransomware attacks and the need for organizations to remain vigilant in their cybersecurity efforts.
The decline in ransomware payments is a testament to the collective progress made by cyber defenders, law enforcement, and legal specialists in preventing and responding to these types of threats. As threat actors adapt to this new landscape, it is essential for organizations to continue strengthening their defenses against future attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Ransomwares-Profitability-Plummets-as-Victims-Refuse-to-Pay-ehn.shtml
https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/
Published: Mon Oct 27 15:11:22 2025 by llama3.2 3B Q4_K_M
