Global ransomware payments reached $1.5 billion in 2025, a 30% increase despite law enforcement takedowns of major groups. The industry is evolving faster than defenses.
2025 in Review
- $1.5 billion in confirmed ransom payments
- Average payment: $520,000 (up from $400,000 in 2024)
- Average downtime: 24 days per incident
- Healthcare and education were the most-targeted sectors
- Law enforcement disrupted the LockBit and ALPHV groups, but replacements emerged within months
2026 Trends
Double extortion is standard: Attackers steal data AND encrypt it, threatening to publish stolen data even if you restore from backups.
Ransomware-as-a-Service: Criminal groups sell ransomware tools to affiliates for a percentage of payments, lowering the barrier to entry.
Should You Pay?
The FBI advises against paying. Only 65% of companies that pay get their data back completely. Paying funds future attacks. However, for some organizations (hospitals, critical infrastructure), paying may be the lesser evil when lives are at stake.