429/68 Wednesday, October 29, 2025

A recent report from Coveware, a ransomware response specialist, reveals a key statistic: the ransom-payment rate among victimised organisations has fallen to a record low. In the third quarter of 2025 only 23% of attacked companies paid a ransom. This continues a six-year downward trend (compared with 28% in Q1 2024). The report attributes the decline mainly to organisations adopting stronger, more targeted defences and to increased pressure from law-enforcement agencies advising victims not to pay. Experts view this as a positive sign of improving collective resilience – each refusal to pay cuts off a source of funding for cybercriminals.
With fewer victims paying, ransomware actors have shifted tactics. What used to be primarily file encryption is now dominated by the double-extortion model: attackers first steal sensitive data and then threaten public release unless a ransom is paid. In Q3 2025, 76% of incidents involved data theft, making exfiltration the primary objective for many groups. Average ransom demands have also fallen – the mean payment is now $377,000 – reflecting that large organisations increasingly choose to invest in security improvements rather than pay.
The report also highlights a change in attack vectors: exploitation of vulnerabilities and takeover of remote-access channels have overtaken phishing as the most common initial access methods. As large enterprises harden their defences, groups such as Akira and Qilin (which together accounted for 44% of attacks in Q3) have shifted focus to mid-sized companies that are more likely to pay. Experts predict that as ransomware profitability drops further, attackers will pivot to higher-precision campaigns, more social engineering, and recruiting insiders by offering large bribes to gain internal access.
