CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Ransomware Payment Rate Declines Amid Rising Attacks

First reported
Last updated
1 unique sources, 2 articles

Summary

Hide ▲

The percentage of ransomware victims paying threat actors dropped to 28% in 2025, the lowest recorded, despite a 50% increase in attacks. Total on-chain payments reached $820 million, with projections exceeding $900 million. Factors like improved incident response, regulatory scrutiny, and law enforcement actions contributed to the decline. The median ransom payment surged by 368%, indicating larger payouts from fewer victims. The number of active extortion groups rose to 85, with notable attacks on Jaguar Land Rover, Marks & Spencer, and DaVita Inc. The U.S. remained the most targeted country. The ransomware payment rate has been declining for four consecutive years, and the average price for network access declined from $1,427 in Q1 2023 to $439 in Q1 2026.

Timeline

  1. 26.02.2026 16:00 2 articles · 4h ago

    Ransomware Payment Rate Drops to 28% in 2025

    The percentage of ransomware victims paying threat actors dropped to 28% in 2025, the lowest recorded, despite a 50% increase in attacks. Total on-chain payments reached $820 million, with projections exceeding $900 million. The median ransom payment surged by 368%, indicating larger payouts from fewer victims. The number of active extortion groups rose to 85, with notable attacks on Jaguar Land Rover, Marks & Spencer, and DaVita Inc. The ransomware payment rate has been declining for four consecutive years, and the average price for network access declined from $1,427 in Q1 2023 to $439 in Q1 2026.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Ransomware Victims and Groups Reach Record Highs in 2025

In 2025, ransomware victims listed on extortion sites surged by 30% annually, reaching 7458. The number of active ransomware groups also hit a new high of 124, with 73 new groups identified. AI is lowering the barrier to entry for new threat groups, aiding in social engineering, data analysis, and ransomware negotiations. Despite the increase in victims, ransom payments fell by 35% in 2024, and this trend is likely to have continued in 2025. The ransomware ecosystem remains professionalized and effective, with large syndicates fracturing into smaller, agile cells, making the threat landscape more complex.

Open in new tab

Ransomware Activity Trends and Victim Statistics in 2025

Ransomware activity in 2025 saw a significant increase in reported victims compared to previous years, with 7,902 victims listed by Ransomware.live. Traditional ransomware syndicates remained active, alongside less organized groups like Scattered Spider, Lapsus$, and ShinyHunters. Qilin emerged as the most prolific group, claiming 1,001 victims, followed by Akira and Clop. The manufacturing, technology, and healthcare sectors were the most targeted industries. US victims accounted for half of the total reported incidents.

Open in new tab

Ransomware payment rates decline to 23% in Q3 2025

Ransomware payment rates have dropped to 23% in Q3 2025, a new low. This decline is attributed to improved defenses and increased pressure from authorities not to pay. Ransomware groups are adapting by targeting medium-sized firms and focusing on data exfiltration. The average and median ransom payments also decreased to $377,000 and $140,000, respectively. The shift in payment rates and tactics reflects a broader trend of organizations strengthening their defenses and recognizing the value of investing in cybersecurity rather than paying ransoms. This trend is expected to continue as ransomware groups seek more profitable targets.

Open in new tab