05-11-25, 10:41 PM
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands.
One explanation for this is that organizations implemented stronger and more targeted protections against ransomware, and authorities increasing pressure for victims not to pay the hackers.
Over the years, ransomware groups moved from pure encryption attacks to double extortion that came with data theft and the threat of a public leak.
Coveware reports that more than 76% of the attacks it observed in Q3 2025 involved data exfiltration, which is now the primary objective for most ransomware groups.
The researchers also note that threat groups like Akira and Qilin, which accounted for 44% of all recorded attacks in Q3 2025, have switched focus to medium-sized firms that are currently more likely to pay a ransom.
As larger organizations have strengthened their security posture, threat actors are likely to rely more on social engineering and insider recruitment, offering large bribes for help gaining initial access.
