Ransomware payments hit a new low among businesses in the third quarter of 2025, according to a report from Coveware. It is great news to end the biggest threat to global cybersecurity.
A typical Ransomware infects personal computers or mobile devices, blocks their operation and/or access to a part of the equipment, seizing the files with strong encryption and demanding companies or users an amount of money as a “ransom” to release them. Taking into account that the motivations of cybercriminals are mostly economic, not paying is one of the most effective measures to reduce this problem.
According to Coveware, “Only” 23% of affected companies paid in the last quarter. And we put in quotes because there are still too many, although the downward trend is clear and positive and it is a minimum that has not been recorded in years. One explanation for this is that organizations implemented stronger, more specific protections against ransomware and authorities increased pressure on victims not to pay hackers.
“Cyber defenders, law enforcement, and legal specialists should see this as a validation of collective progress… The work being done to prevent attacks, minimize their impact, and successfully navigate cyber extortion is a triumph: Every evaded payment deprives cyber attackers of oxygen«they explain.
The change may reflect that large companies are reviewing their ransom payment policies and recognizing that those funds are better spent strengthening defenses against future attacks. The researchers also note that threat groups such as Akira and Qilin, which accounted for 44% of all attacks recorded in the third quarter of 2025, have shifted their focus to medium-sized companies that are currently more likely to pay a ransom.
Another notable trend over the past year is the increase in remote access breaches as a primary attack vector, along with a significant rise in the use of software vulnerabilities.
Coveware believes declining profits are driving ransomware gangs into a Greater accuracy as profit margins continue to shrink. As larger organizations have strengthened their security posture, threat actors are likely to rely more on social engineering and insider recruitment, offering large bribes in exchange for help gaining initial access.
