- Report claims only 23% of ransomware victims paid attackers in Q3 2025, a record low
- Average ransom payment fell 66% to $376,941; the median fell 65% to $140,000
- Only 19% of victims paid ransoms in attacks based only on data exfiltration
The number of businesses paying ransomware attackers for decryption keys and deletion of stolen files has plummeted and now represents just 23% of all victims, new research claims.
In its report, Coveware said that ransom payment rates across all impact scenarios — encryption, data exfiltration and other extortion — fell to a “historic low” of 23% in Q3 2025.”
This continuation of the long-term downward trend is something that all industry participants should take a moment to reflect on: that the overall success rate of cyber extortion is declining,” the company said.
Data-only attacks also fare poorly
This is not the only target that is significantly lower. The average ransom payment is now $376,941, which represents a two-thirds (66%) decrease compared to Q2 2025. The average ransom payment is now $140,000, which is also a 65% decrease from the second quarter of the year.
Originally, the idea of ransomware was simply to encrypt the files and then ask for money in exchange for the decryption key. But as companies began setting up backups, hackers began stealing files and threatening to release them on the Internet — a tactic now commonly known as “double blackmail.”
Meanwhile, building and maintaining ransomware variants became expensive, forcing many ransomware actors to abandon the encryption part altogether and focus solely on data exfiltration. ShinyHunters is a shining example (pun very much intended).
But Coveware says that even this tactic is not fruitful, as for data exfiltration incidents, ransom payments only fell to 19% in Q3 2025, which is “another record low.”
“While this resolution rate tends to bounce around, Q3 was a very active quarter for data exfiltration attacks,” the researchers emphasized.
“Cyber defenders, law enforcement and legal specialists should see this as a validation of collective progress,” says Coveware. “The work that goes into preventing attacks, minimizing the impact of attacks, and successfully navigating a cyber extortion – every avoided payment limits cyber attackers’ oxygen.”
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
