The number of companies paying ransomware attackers for decryption keys and delete stolen files has plummeted, and now represents just 23% of all victims, new research has claims.
In its report, Coveware said ransom payment rates across all impact scenarios – encryption, data exfiltration, and other extortion – fell to a “historical low” of 23% in Q3 2025. “ This continuation of the long-term downward trend is something all industry participants should take a moment to reflect on: that cyber extortion’s overall success rate is contracting,” the company said.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cobalt Strike Beacon delivered via GitHub and social media
July 30, 2025
n the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered information about their payload via profiles on both Russian and international social media platforms, ...
- Gunra Ransomware Group Unveils Efficient Linux Variant
July 29, 2025
Gunra ransomware was first observed in April 2025 in a campaign that targeted Windows systems using techniques inspired by the infamous Conti ransomware. Trend Micror monitoring of the ransomware landscape revealed that threat actors behind Gunra have expanded with a Linux variant, signaling a strategic move toward cross-platform targeting. The novel ransomware group has already made ...
- Joint Cybersecurity Advisory: Scattered Spider
July 29, 2025
Scattered Spider (also known as, UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities. Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). According to public ...
- Telecom giant Orange warns of disruption amid ongoing cyberattack
July 29, 2025
Orange, a French telecommunications giant and one of the largest phone providers in the world, announced on Monday that it was the victim of an unspecified cyberattack. In the announcement, the company said that it detected a cyberattack “on one of its information systems” on July 25, and that it proceeded to “isolate potentially affected services ...
- CVE-2025-53770 – Zero-day exploitation in the wild of Microsoft SharePoint servers
July 29, 2025
Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure from Microsoft. The vulnerability is described as an unauthenticated deserialization of untrusted data issue, and has a CVSS base ...
- Endgame Gear warns mouse config tool has been infected with malware
July 29, 2025
Gaming kit maker Endgame Gear has confirmed it was the victim of a supply chain attack which saw unidentified threat actors break into its website and replace a legitimate configuration tool with a trojanized version containing malware. In an announcement posted on the company’s website, it said on June 26 2025, someone managed to replace a ...