The number of companies paying ransomware attackers for decryption keys and delete stolen files has plummeted, and now represents just 23% of all victims, new research has claims.
In its report, Coveware said ransom payment rates across all impact scenarios – encryption, data exfiltration, and other extortion – fell to a “historical low” of 23% in Q3 2025. “ This continuation of the long-term downward trend is something all industry participants should take a moment to reflect on: that cyber extortion’s overall success rate is contracting,” the company said.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- #StopRansomware: Interlock
July 22, 2025
Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe. These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services. Interlock actors leverage a double extortion model, in which they ...
- Weak password allowed hackers to sink a 158-year-old company
July 21, 2025
One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP – a Northamptonshire transport company – is just one of tens of thousands of UK businesses that have been hit by such attacks. Big names such as M&S, Co-op ...
- Hong Kong’s PCPD launches investigation into LVHK data breach case
July 21, 2025
French luxury brand Louis Vuitton recently reported a data breach affecting nearly 420,000 customers in Hong Kong, according to a Sunday report by a local newspaper. According to Xianggang Wenweipo, Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) said on Saturday that it received a notification from Louis Vuitton Hong Kong (LVHK) on ...
- Ransomware gang attacking NAS devices taken down in major police operation
July 18, 2025
A 44-year-old Romanian national has been arrested during a law enforcement operation to dismantle a ransomware campaign called “Diskstation”. Diskstation usually targets Synology Network-Attached Storage (NAS) devices, often used in an enterprise environment for centralized file storage and sharing, data backup and recovery, and general content hosting. The group was first spotted in 2021, and has ...
- GhostContainer backdoor: Malware compromising Exchange servers of high-value organizations in Asia
July 17, 2025
In a recent incident response (IR) case, Kaspersky researchers discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Kaspersky in-depth analysis of the malware revealed a sophisticated, multi-functional backdoor that can be dynamically ...
- Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
July 16, 2025
Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access ...