Date: 2025-10-28

Report claims only 23% of ransomware victims paid attackers in Q3 2025, a record low

Average ransom payment dropped 66% to $376,941; median fell 65% to $140,000

Data exfiltration-only attacks saw just 19% of victims paying ransoms

The number of companies paying ransomware attackers for decryption keys and to delete stolen files has plummeted, and now represents just 23% of all victims, new research claims.

In its report, Coveware said ransom payment rates across all impact scenarios - encryption, data exfiltration, and other extortion - fell to a “historical low” of 23% in Q3 2025.

“This continuation of the long-term downward trend is something all industry participants should take a moment to reflect on: that cyber extortion’s overall success rate is contracting,” the company said.

Data-only attacks performing poorly, too

This is not the only metric that’s significantly down. Average ransom payment is now $376,941, representing a two-thirds decrease (66%) compared to Q2 2025. Median ransom payment is now $140,000, which is also down 65% compared to the second quarter of the year.

Originally, the idea of ransomware was to simply encrypt the files and then ask for money in exchange for the decryption key. However, when businesses started setting up backups, hackers started stealing files and threatening to release them on the internet - a tactic now commonly known as “double extortion”.

In the meantime, building and maintaining ransomware variants became expensive, forcing many ransomware actors to abandon the encryption part altogether and focus exclusively on data exfiltration. ShinyHunters is a shining example (pun very much intended).

But Coveware says even this tactic isn’t proving fruitful: for data exfiltration-only incidents, the ransom payment rate fell to 19% in Q3 2025, which is “another record low.”

“While this resolution rate tends to bounce around, Q3 was a very active quarter for data exfiltration attacks,” the researchers stressed.

“Cyber defenders, law enforcement, and legal specialists should view this as validation of collective progress,” Coveware says. “The work that gets put in to prevent attacks, minimize the impact of attacks, and successfully navigate a cyber extortion — each avoided payment constricts cyber attackers of oxygen.”

