Ransomware Payouts Hit Record $3.6M as Attacks Evolve
â–Ľ Summary
– The average ransomware payment rose 44% to $3.6 million in 2025, despite a decrease in the total number of attacks.
– Cybercriminals are shifting to fewer, more targeted operations to achieve higher returns and longer-lasting impacts, as per the 2025 Global Threat Landscape Report.
– Ransomware incidents dropped by about 25% from 2024, with affected organizations reporting an average of five to six attacks over the past year.
– Healthcare and government sectors faced the highest payouts at nearly $7.5 million per incident, with 70% of affected organizations paying the ransom.
– Public cloud infrastructure, third-party integrations, and generative AI applications were identified as the top sources of cybersecurity risk, expanding the attack surface.
The average ransom payment demanded by cybercriminals has skyrocketed to a record $3.6 million this year, marking a sharp 44% increase from the previous year’s figure of $2.5 million. This dramatic rise comes even as the total number of ransomware incidents has actually decreased, signaling a major shift in how threat actors are choosing their targets and structuring their campaigns.
According to the latest Global Threat Landscape Report, malicious groups are now executing fewer but far more precise attacks designed to inflict maximum financial damage and operational disruption. Researchers surveyed 1,800 IT and cybersecurity professionals across seven nations, finding that organizations experienced an average of five to six ransomware events over the past twelve months. This represents a notable drop of roughly one-quarter compared to the year before.
Although attacks are becoming less frequent, their consequences are growing more severe. A striking 70% of victimized organizations opted to pay the ransom, with critical sectors like healthcare and government bearing the heaviest burdens. These sectors faced average payouts nearing $7.5 million per incident, while the financial industry averaged $3.8 million. The escalation is largely driven by highly organized cybercrime syndicates such as RansomHub, LockBit, and DarkSide, which continue to refine their tactics for greater impact.
Security analysts note that the blend of increasingly sophisticated attackers and a rapidly expanding digital footprint creates a perfect storm. This dangerous combination makes malicious activity harder to identify and gives adversaries a critical advantage during the early stages of an intrusion.
The report also highlights the primary sources of growing cybersecurity exposure. Public cloud infrastructure was identified as the leading risk, cited by 53.8% of respondents. It was followed closely by third-party software integrations at 43.7% and the expanding use of generative AI applications at 41.9%. As organizations become more interconnected, these complex digital ecosystems are widening the attack surface and making comprehensive defense significantly more challenging for security teams.
(Source: Info Security)
