Global ransomware activity rises 36% in Q3 2025, but average payments collapse

November 11, 2025

In Q3 2025, ransomware attacks increased by 36%, making it a major concern in cybersecurity. Surprisingly, the average ransom payments dropped, indicating a shift in the threat landscape.

In the third quarter of 2025, global ransomware activity saw a staggering increase of 36%, underscoring a significant escalation in cyber threats that organizations around the world could no longer ignore. This surge coincided with a rise in undisclosed ransomware attacks, indicating a troubling trend where many incidents remain hidden, potentially at the risk of larger scale incidents or repercussions. Notably, while the number of ransomware incidents surged, the average payments demanded by cybercriminals surprisingly collapsed, leading experts to speculate on the reasons behind this shift. This juxtaposition of increased attack volume with declining ransom prices created an atmosphere of uncertainty and ongoing concern amongst cybersecurity professionals and those responsible for safeguarding infrastructure. Analysts suggest that the market saturation of ransomware attacks might be contributing to the lower ransom payments, as victims may be more incentivized to resist paying, and newly emerged anti-ransomware tools could be playing a role as well. The data point to a complex and evolving landscape in the cyber threat domain, where traditional responses and understandings are being continuously tested. As organizations grapple with these changes, understanding the underlying motivations and adapting measures will be critical to mitigate the impacts of such incidents, ensuring resilience against further escalations in this alarming trend in cybercrime.