Overview
- Only 23% of victim organizations paid in Q3 2025, with exfiltration‑only cases dropping to a 19% payment rate, according to Coveware.
- Average and median payments fell sharply to about $377,000 and $140,000, reflecting reduced willingness to fund extortion.
- Data theft featured in more than 76% of incidents, with many operations skipping encryption to pressure victims through exposure risks.
- Remote access compromise accounted for over half of intrusions, as attackers blended credential abuse with helpdesk fraud, callback phishing, and insider bribery, while also exploiting configuration debt and older vulnerabilities.
- Threat activity is splitting between high‑volume, low‑demand campaigns against mid‑sized firms by groups such as Akira and Qilin and more selective operations targeting large enterprises that are increasingly refusing to pay.