Ransomware Payouts Surge to $3.6m Amid Evolving Tactics

The average ransomware payment has increased to $3.6m this year, up from $2.5m in 2024 – a 44% surge despite a decline in the overall number of attacks.

While the number of attacks dropped, the damage intensified. Seventy percent of affected organizations paid the ransom, and payouts in critical sectors were significantly higher than average. Healthcare and government agencies faced the highest financial burdens, with payouts nearing $1.5m, while finance averaged $1.8m per incident.

The study identified public cloud infrastructure (53.8%), third-party integrations (43.7%), and generative AI applications (41.9%) as the top sources of cybersecurity risk. These interconnected systems are widening the attack surface and complicating defense efforts.

Phishing remains the leading method of infiltration, responsible for 33.7% of attacks, followed by software vulnerabilities (19.4%) and supply chain compromises (13.4%). Once inside a network, threat actors typically go undetected for about two weeks – ample time to move laterally, exfiltrate data, and prepare ransomware deployment.

To read the complete article, visit: Infosecurity Magazine