Trends in Cyber Extortion and Ransomware Payments

This technical report examines the evolving landscape of cyber extortion, particularly focusing on ransomware incidents and the decision-making processes surrounding ransom payments. It outlines the significant decline in payment resolution rates, with only 20% of organizations paying ransoms in Q4 2025, down from 85% in 2019. The report details the implications of these trends, including the increased mortality rates in hospitals due to ransomware attacks and the financial pressures faced by organizations. It presents data on average and median ransom payments, highlighting a rise in average payments to $591,988 in Q4 2025. The report also discusses the shift in organizational responses to ransomware, noting that many now refuse to pay, relying instead on improved backup practices and incident response strategies. Additionally, it addresses the tactics employed by attackers and the importance of verifying claims made during extortion events, emphasizing the need for organizations to prepare for potential operational impacts without resorting to payment.