Despite a drop in the overall number of ransomware payments, the costs for those who did pay soared in 2025, according to a new report from Chainalysis. The report highlights a significant shift in the ransomware landscape, where fewer victims are paying up, but those who do are facing unprecedented financial burdens.
Lower Payment Rates, Higher Bills
Only 28% of ransomware victims paid a ransom in 2025, marking the lowest rate on record. However, the average ransom payment increased, indicating that attackers are demanding more from the fewer victims they manage to extort. “This overall trend is a major win against the ransomware ecosystem. Fewer victim payments mean more work for less for attackers, an important step in shifting the economic incentives,” the report states.
High-Impact Incidents Dominate the Landscape
Despite the lower payment rates, several high-impact incidents underscored the severe consequences of ransomware attacks. In late August, Jaguar Land Rover suffered a cyberattack that halted production across multiple countries and resulted in an estimated $2.5 billion in damages, making it the costliest cyber incident in UK history.
Retailers and hospitals were also heavily affected. Marks & Spencer, a major British multinational retailer, experienced long outages following an attack linked to the Scattered Spider group. Meanwhile, global healthcare provider DaVita reported the exposure of nearly 2.7 million patient records, raising significant concerns about data privacy and security.
Targeting Critical Sectors
The United States remained the top target for ransomware attacks, with Canada, Germany, and the UK following closely. The manufacturing, finance, supply chain, and critical infrastructure sectors saw a sharp rise in attacks, highlighting the vulnerability of these essential industries. Chainalysis notes that the increasing sophistication and targeting of these sectors pose a significant threat to global economic stability.
Looking Forward: A Call for Enhanced Security Measures
The decline in ransomware payments is a positive trend, but the high costs for those who do pay underscore the need for enhanced cybersecurity measures. Organizations must invest in robust security protocols and incident response plans to mitigate the risks and financial impacts of ransomware attacks. As the threat landscape continues to evolve, staying one step ahead of cybercriminals will be crucial in protecting critical infrastructure and maintaining public trust.
About the Author
