Ransomware attackers have lost their appeal, with payments reaching an all-time low of 23%. According to Coveware’s Q4 2025 report, the success rate of ransomware blackmail and extortion attempts has dropped significantly. However, this shift in tactics comes with a new goal: data exfiltration.
Instead of focusing on locking systems, attackers are now prioritizing the theft of sensitive corporate and customer data. This approach is more effective leverage, as stolen data can be used to pressure companies into paying up. The threat of public disclosure, temporary websites, or paste sites can apply far more pressure, making it harder for companies to resist.
The ransomware industry has split into two paths: those offering ransomware-as-a-service (RaaS) and groups targeting high-end enterprises with sophisticated attacks. As a result, the average ransomware payment has dropped by 66%, from $376,941 in Q2 2025 to $140,000.
Coveware advises that large enterprises should expect an increased risk of being targeted, as attackers focus on “white whale” organizations with the means to pay. To mitigate this risk, businesses must prioritize robust security practices, strategies, and post-incident procedures. Penetration testing is also essential in resolving cybersecurity vulnerabilities before they can be exploited.
As the industry continues to evolve, it’s clear that cybersecurity cannot be an afterthought. Organizations must invest in implementing effective security measures to protect themselves from the increasing threat of data exfiltration.
Source: https://www.zdnet.com/article/no-one-pays-ransomware-demands-anymore-so-attackers-have-a-new-goal