- Report claims that solely 23% of ransomware victims paid attackers in Q3 2025, an all-time low
- The common ransom cost fell 66% to $376,941; the median fell 65% to $140,000
- In knowledge exfiltration assaults, solely 19% of victims paid ransoms
The variety of firms paying ransomware attackers for decryption keys and deletion of stolen information has plummeted and now accounts for simply 23% of all victims, new analysis claims.
In its report, Coveware stated that ransom cost charges throughout all impression situations (encryption, knowledge exfiltration and different extortion) fell to an “all-time low” of 23% within the third quarter of 2025.”
“This continuation of the long-term downward development is one thing all trade members ought to take a second to replicate on: that the general success price of cyber extortion is contracting,” the corporate stated.
Data-only assaults additionally work poorly
This just isn’t the one metric that has dropped considerably. The common ransom cost is now $376,941, which is a two-thirds (66%) lower in comparison with the second quarter of 2025. The common ransom cost is now $140,000, which can be a 65% lower in comparison with the second quarter of the yr.
Originally, the thought of ransomware was to easily encrypt the information after which ask for cash in alternate for the decryption key. However, when firms started creating backups, hackers started stealing information and threatening to publish them on the Internet, a tactic now generally referred to as “double extortion.”
Meanwhile, creating and sustaining ransomware variants grew to become costly, forcing many ransomware actors to utterly abandon the encryption half and focus completely on knowledge exfiltration. ShinyHunters is a shining instance (pun very a lot meant).
But Coveware says that even this tactic just isn’t fruitful, as for knowledge exfiltration incidents alone, ransom funds fell to 19% within the third quarter of 2025, which is “one other all-time low.”
“While this decision price tends to fluctuate, the third quarter was a really energetic quarter for knowledge exfiltration assaults,” the researchers pressured.
“Cyber defenders, law enforcement, and legal practitioners should see this as validation of collective progress,” Coveware says. “The work that goes into stopping assaults, minimizing the impression of assaults, and efficiently circumventing cyber extortion – each cost averted restricts the oxygen for cyber attackers.”
Through beepcomputer
