- Report claims that only 23% of ransomware victims paid attackers in Q3 2025, an all-time low
- The average ransom payment fell 66% to $376,941; the median fell 65% to $140,000
- In data exfiltration attacks, only 19% of victims paid ransoms
The number of companies paying ransomware attackers for decryption keys and deletion of stolen files has plummeted and now accounts for just 23% of all victims, new research claims.
In its report, Coveware said that ransom payment rates across all impact scenarios (encryption, data exfiltration and other extortion) fell to an “all-time low” of 23% in the third quarter of 2025.
“This continuation of the long-term downward trend is something all industry participants should take a moment to reflect on: that the overall success rate of cyber extortion is contracting,” the company said.
Data-only attacks also work poorly
This is not the only metric that has dropped significantly. The average ransom payment is now $376,941, a two-thirds (66%) decrease compared to the second quarter of 2025. The median ransom payment is now $140,000, a 65% decrease compared to the second quarter of the year.
Originally, the idea of ransomware was to simply encrypt the files and then ask for money in exchange for the decryption key. However, when companies began creating backups, hackers began stealing files and threatening to post them on the Internet, a tactic now commonly known as “double extortion.”
Meanwhile, creating and maintaining ransomware variants became expensive, forcing many ransomware actors to completely abandon the encryption part and focus exclusively on data exfiltration. ShinyHunters is a shining example (pun very much intended).
But Coveware says that even this tactic is not proving fruitful: for incidents involving data exfiltration alone, the ransom payment rate fell to 19% in the third quarter of 2025, which is “another all-time low.”
“While this resolution rate tends to vary, the third quarter was a very active quarter for data exfiltration attacks,” the researchers stressed.
“Cyber defenders, law enforcement, and legal practitioners should see this as validation of collective progress,” Coveware says. “The work that goes into preventing attacks, minimizing the impact of attacks, and successfully circumventing cyber extortion – every payment avoided restricts the oxygen for cyber attackers.”
Via BleepingComputer




