Ransomware payments cratered in 2025, but attacks surged to record highs
Summary
Ransomware payments significantly decreased in 2025, despite a surge in the number of ransomware attacks reaching record levels. This suggests that while attacks are becoming more frequent, victims are less willing or able to pay the ransom demands, possibly due to improved defenses or a shift in attacker tactics.
IFF Assessment
The increase in ransomware attacks despite lower payments indicates that attackers are still actively targeting organizations, even if their financial gains are diminishing.
Defender Context
Defenders need to be aware of the increasing volume of ransomware attacks, even if payment rates are declining. It's important to focus on preventative measures like robust backups, patching vulnerabilities, and security awareness training to reduce the risk of a successful attack. Monitoring for unusual network activity and implementing strong endpoint detection and response (EDR) solutions can help detect and respond to attacks before data is encrypted.