Coveware: ransomware payouts fall to record low in Q3 2025

Danny Weber

20:19 28-10-2025

Coveware reports that just 23% of victims paid ransoms in Q3 2025; average ransom amounts fell 66% to $376,941. Stronger security and incident response are eroding ransomware profits.

New figures from Coveware show a sharp shift in the economics of cyber extortion: in the third quarter of 2025, only 23% of victimized companies agreed to pay a ransom to hackers. That is the lowest level since tracking began in 2019, when 85% chose to pay. By early 2024 the rate had already fallen to 28%, and now it has slid further to 23%.

The trend is not just about fewer payouts. Average ransom amounts plunged 66% quarter over quarter to $376,941, while the median fell to $140,000, down 65% from a year earlier. The authors caution that quarterly swings can be pronounced—last quarter saw an unusually high level of payments—but the broader trajectory points decisively downward.

Analysts link both the drop in willingness to pay and the shrinking ransom figures to two main forces: stronger in-house cybersecurity practices and the growing maturity of incident response and management services. More organizations are putting money into preventive controls, data backups, network segmentation, and recovery planning, which blunts the leverage of extortion as a business model. Investment in fundamentals, it seems, is starting to change the payoff calculus.

The report also highlights the attack vectors that remain in heavy rotation. Adversaries continue to abuse remote access services and pair them with phishing, social engineering, and exploitation of software vulnerabilities. This multi-step playbook raises the odds of initial access, but fewer successful outcomes—and less willingness to pay—are squeezing profits from these campaigns.

Experts emphasize that defense alone will not dismantle the extortion economy. The industry needs a systematic approach: regular updates, penetration testing, staff training, and access to qualified response teams. For now, the steady move away from payments suggests mounting pressure on criminal groups and shrinking revenues—momentum that could reshape the cyberthreat landscape in the years ahead.