It’s a crisis, even for hackers! If some time ago ransomware could generate great profits, today it no longer seems to be the case. This malware, which blocks access to a device or files until a ransom is paid, is popular with hackers. However, they no longer generate as much money, according to a report by the company Coveware.
In fact, the number of victims who paid these ransoms reached an all-time low in the third quarter of 2025, falling to 23%. It had already fallen to 25% in the last quarter of 2024. With some exceptions, this new decline confirms the decline observed by Coveware over the last six years.
“Cybersecurity specialists, law enforcement, and attorneys should see this as validation of the collective progress being made. Efforts to prevent attacks, minimize their impact, and effectively counter cyberextortion attempts are essential: every avoided payment deprives cyberattackers of resources,” the company behind the report stated.
Much less lucrative attacks
Not only are there fewer victims paying ransoms, but their average amount has dropped considerably, from more than $1.1 million to $376,941 between the second and third quarters of 2025. A drop of 66%. For Coveware, this shows that companies targeted by cybercriminals are increasingly resisting pressure to pay the ransom.
Because yes, in recent years, ransomware groups have not limited themselves to encrypting data to make it inaccessible. They carried out double extortion, stole this information and threatened to leak it. In some cases, they even simply steal data, but this is no longer as lucrative as it used to be. In fact, the surrender rate fell to 19% in the third quarter of this year. A new record after the drop to 31% in the first quarter of 2025.
Although victims were less willing to pay, data exfiltration attacks remain popular among hackers, making up 76% of all attacks observed by Coveware.
A fall linked to several factors
Other factors explain this lesser success of ransomware. According to the company, lawyers who recommend giving in to blackmail by cybercriminals are rare. “It is now common practice during data exfiltration incidents to encourage payment rejection,” he added.
Some groups also tend to target small and medium-sized businesses. This was done by Akira and Qilin, who accounted for 44% of all attacks recorded in the third quarter. But while medium-sized companies are more likely to pay the ransom, smaller ones cannot afford it. However, they are still easier to attack.
Source: BFM TV
