Average ransom demands and payments declined year-over-year.
Ransomware intrusions involving data encryption dropped from 70 percent in 2024 to 50 percent in 2025, as the prevalence of extortion-only attacks increased twofold this year.
According to Sophos research reported by Cybersecurity Dive, organisations with over 3,000 employees were impacted by most of the attacks involving data encryption, while those with up to 250 employees had increased odds of experiencing data extortion incidents.
Moreover, average ransom demands and payments declined by 34 percent and 50 percent year-over-year, respectively, while more than half of IT and cybersecurity leaders reported paying less than attackers' demands.
Additional findings revealed elevated anxiety about subsequent attacks among 41 percent of respondents whose organisations had been hit by ransomware.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.