Ransomware Profits Drop As Victims Stop Paying Hackers

The percentage of companies paying ransomware demands has reached a new low of 23%, continuing a six-year downward trend. This decline is attributed to improved organizational defenses and increased pressure from authorities discouraging payments. Ransomware groups have shifted focus from simple encryption to double extortion, involving data theft and leak threats. In the third quarter of 2025, over 76% of observed attacks included data exfiltration, now the primary objective. Attacks solely involving data theft, without encryption, see an even lower payment rate of 19%. Average and median ransom payments have also decreased, suggesting enterprises are prioritizing defense investments over paying ransoms. Some threat groups are now targeting medium-sized firms, which are more likely to comply with ransom demands. Coveware views this trend as validation of collective progress in combating cyber extortion. Avoiding payments is crucial for constricting attackers' resources. This progress highlights the effectiveness of prevention, impact minimization, and successful navigation of cyber extortion situations.