Ransomware Payments Hit Record Low: Only 23% Pay in Q3 2025, Marking a Six-Year Decline

According to a report by cybersecurity firm Coveware, only 23% of ransomware victims paid their attackers in the third quarter of 2025, marking the lowest rate ever recorded. This continues a six-year trend of declining payment rates, with 28% of victims paying in 2024. The data indicates a significant reduction in ransom payments compared to previous years, suggesting a shift in the ransomware landscape. The decline in payment rates could be attributed to improved cybersecurity defenses, better backup and recovery strategies, and increased awareness among organizations. Additionally, legal and ethical considerations may be discouraging victims from negotiating with attackers. The continuous decline in ransom payments over six years suggests that organizations are becoming more resilient to ransomware attacks. This resilience could be due to the adoption of advanced endpoint protection solutions, network segmentation, and comprehensive incident response plans. Moreover, the decline may reflect the effectiveness of cybersecurity training programs that educate employees on recognizing and preventing ransomware infections. The decreasing trend in ransom payments could have several implications for the cybersecurity landscape. Firstly, it may discourage cybercriminals from relying on ransomware as their primary attack vector, potentially leading to a shift in their tactics. However, it could also result in more aggressive and destructive attacks as criminals seek to increase their success rates. Furthermore, the decline in payments highlights the importance of proactive cybersecurity measures. Organizations that invest in robust backup and recovery solutions, regular cybersecurity training, and collaboration with law enforcement and cybersecurity firms are better positioned to mitigate the impact of ransomware attacks. For cybersecurity professionals, the key takeaway is the importance of maintaining and updating cybersecurity defenses. Regularly testing backup and recovery procedures, conducting cybersecurity awareness training, and staying informed about the latest threats and mitigation strategies are crucial steps in protecting against ransomware attacks. Additionally, organizations should consider participating in information-sharing initiatives and collaborating with cybersecurity firms and law enforcement agencies. These partnerships can provide valuable insights into emerging threats and help in the swift response to and recovery from ransomware incidents. In conclusion, the record-low ransomware payment rate in Q3 2025 is a positive development, indicating improved resilience among organizations. However, cybersecurity professionals must remain vigilant and continue to enhance their defenses to stay ahead of evolving threats.