Ransomware Attacks Surge in 2025, But Payouts Decline Sharply

The year 2025 has seen an unprecedented surge in ransomware attacks, reaching record-breaking levels. However, new research indicates that the financial rewards for cybercriminals are dwindling significantly. This suggests a shift in the dynamics of ransomware attacks, with victims becoming more resilient and less willing to pay exorbitant ransoms.

BlackFog's "State of Ransomware" report reveals a staggering 81% increase in publicly disclosed ransomware attacks in March 2025 compared to the previous year. The report documented over 100 attacks, with an average ransom demand of $663,582. This is the highest number of attacks recorded by BlackFog since it began tracking incidents in 2020. Threat intelligence firm Cyble has also reported similar findings, highlighting a record high in ransomware attacks.

One possible explanation for the surge in attacks is that ransomware groups are attempting to compensate for lower payouts by increasing the volume of their attacks. A drop in income being made by the extortion gangs cannot be underlined enough, with reports that there has been a 35% year-over-year decrease in ransomware payments. Chainalysis reports that less than half of recorded incidents are resulting in payments by victims.

The decline in ransomware payments indicates that organizations are improving their defenses and negotiating skills. Victims are either refusing to pay altogether or successfully negotiating lower ransom amounts. This growing resistance is a significant challenge for cybercriminals.

Ransomware gangs also face internal challenges, including managing unruly affiliates who may switch allegiances to other ransomware operations for better compensation. The Reliaquest report also stated that affiliate loyalty to particular ransomware groups can be fickle or short-lived.

Leaked chats from within the Black Basta ransomware group revealed internal strife before it ceased operations. Similarly, affiliates of the RansomHub operation sought new affiliations after the group reduced its profit-sharing arrangement from 90% to 85%.

Despite these challenges, the threat of ransomware remains significant, and businesses cannot afford to be complacent. Law enforcement agencies worldwide are intensifying their efforts to disrupt ransomware operations, but organizations must also take proactive measures to protect themselves.

Businesses should implement the following measures to mitigate the risk of ransomware attacks:

By implementing these measures, organizations can significantly reduce their risk of falling victim to ransomware attacks and minimize the potential financial and operational impact.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: