What's Happening?
Ransomware payments declined notably in the third quarter of 2025, according to Coveware, a ransomware incident response firm. Its analysis indicates that payment rates have fallen to a historical low of 23%, suggesting a decrease in the overall success rate of cyber extortion. This decline is attributed to the efforts of law enforcement, cyber defenders, and legal specialists. The average ransom payment has decreased by 66% to approximately $377,000, while the median payment dropped by 65% to $140,000. Coveware highlights that large enterprises are increasingly refusing to pay ransoms, understanding that paying to suppress data proliferation offers little to no benefit. Meanwhile, mid-market organizations, which are more likely to pay, are agreeing to smaller ransoms. The ransomware groups Akira and Qilin have been identified as the most active, targeting primarily the professional services sector.
Why Is It Important?
The decline in ransomware payments is significant for several reasons. It reflects a shift in how organizations are responding to cyber threats, particularly in refusing to pay ransoms, which could deter future attacks. This trend may lead to a reduction in the profitability of ransomware operations, potentially decreasing the frequency of such attacks. The professional services sector, being the most targeted, may experience a reprieve as these trends continue. Additionally, the decrease in payments could encourage more organizations to invest in cybersecurity measures and collaborate with law enforcement to combat cybercrime. This shift could also influence policy changes and the development of more robust cybersecurity frameworks.
What's Next?
As organizations continue to resist paying ransoms, ransomware groups may adapt their strategies, potentially targeting smaller, less prepared organizations or shifting to different forms of cybercrime. The cybersecurity industry may see increased demand for services as companies seek to bolster their defenses. Law enforcement and cybersecurity firms are likely to continue their efforts to disrupt ransomware operations, which could lead to further declines in payment rates. The ongoing collaboration between public and private sectors will be crucial in maintaining this momentum and reducing the impact of ransomware attacks.
Beyond the Headlines
The decline in ransomware payments could have broader implications for the cybersecurity landscape. It may lead to a reevaluation of risk management strategies within organizations, emphasizing prevention and resilience over reactive measures. The ethical considerations of paying ransoms, which can fund further criminal activities, may also gain more attention, influencing corporate policies and public discourse. In the long term, this trend could contribute to a cultural shift in how cyber threats are perceived and addressed, promoting a more proactive and unified approach to cybersecurity.











