As ransomware attacks continue to pose significant challenges for organizations, an intriguing trend has emerged: fewer companies are paying ransoms, but those that do are shelling out considerably more. This insight stems from the recently released 2025 Global Threat Landscape Report by ExtraHop, which provides a comprehensive look at the current cybersecurity landscape.
The report, created in collaboration with Censuswide, is based on a survey conducted in July 2025 that included responses from 1,800 IT and security decision-makers across mid-sized and large organizations in seven countries.
Rising Ransom Payments Amid Decreased Incidents
One key finding is the dramatic increase in average ransom payments. While the number of ransomware incidents is declining, organizations that choose to pay are now paying, on average, $3.6 million—up $1.1 million from last year’s average of $2.5 million. This represents an increase of over 40%.
Interestingly, although 70% of respondents reported having paid a ransom, the overall share of organizations paying fell notably this year: the proportion stating they did not pay rose from 9% last year to 30%. Incident counts also moved in a positive direction, with organizations reporting an average of five to six attacks in the past year, down about 25% from the nearly eight recorded in 2024. Nevertheless, a worrying trend persists: the percentage of organizations facing 20 or more ransomware incidents tripled year over year, reaching 3%, and the healthcare and government sectors reported a significant uptick in attacks.
According to data from Cyble, ransomware incidents have surged by 50% in 2025 compared to the same period in 2024. The average ransom amounts varied by country; for instance, organizations in the UAE reported facing an average of seven incidents, with ransom payments soaring to around $5.4 million. In contrast, Australian organizations encountered the fewest ransomware incidents, averaging just four annually, with average ransom payments around $2.5 million.
The healthcare sector continues to bear the brunt of high payouts, averaging a staggering $7.5 million, closely followed by the government sector, also just under $7.5 million, and the finance sector, which recorded average payments of $3.8 million. Alarmingly, more than 30% of respondents disclosed they didn’t realize they were under ransomware attack until data exfiltration had already begun.
The Most Vulnerable Attack Surfaces
According to the report, the public cloud, third-party risks, and emerging generative AI technologies rank as the most vulnerable attack surfaces. As organizations quickly adopt advanced technologies and contend with intricate device interdependencies and expansive supply chains, the complexity of their IT infrastructures has increased significantly. This complexity inherently leads to a wider attack surface.
Phishing and social engineering tactics emerged as the most prevalent entry points for attackers, accounting for 33.7% of incidents. Other notable initial attack vectors included software vulnerabilities at 19.4%, compromises in third-party and supply chain networks at 13.4%, and compromised credentials, which represented 12.2% of attack methods. This data underscores the evolving challenges organizations face in safeguarding their systems against increasingly sophisticated cyber threats.
Conclusion
Fighting against ransomware continues to be a complex endeavor for organizations across various sectors. As the landscape evolves, staying informed about prevalent attack vectors and adapting security measures can make all the difference in protecting sensitive data.