Latest News
Report: Fewer ransomware attacks encrypting data
Written on Jun 27, 2025
Only half of ransomware attacks on organizations this year have involved data encryption, once the attack’s defining feature, according to a new report.
Both the average ransom demand and average ransom payment have dropped significantly over the past year (by 34% and 50%, respectively), Sophos reported.
Less than a third of respondents in the survey who paid a ransom said the amount matched the attackers’ initial demand, with 53% of victims paying less and 18% paying more.
Ransomware has remained a major threat to businesses for years, but cybercriminals’ tactics have shifted over time. The new report highlights one of the most significant examples of that evolution: the decline in data encryption as part of a ransomware attack.
The 50% figure that Sophos found this year is a stark decline from last year, when 70% of attacks involved data encryption. This finding suggests that “organizations are more capable of stopping attacks before the encrypted payload is deployed,” according to Sophos. Encryption most seriously affected large organizations (3,001-5,000 employees), which experienced the problem in 65% of attacks. That may be due to their size making it more difficult to detect and block encryption attempts, according to Sophos.
While encryption declines in popularity, extortion-only attacks are on the rise. The number of such cyberattacks doubled this year, to 6%, according to the report. Smaller organizations were more likely to face this kind of attack — 13% of companies with 100-250 employees reported experiencing one, compared to 3% of companies with 3,001-5,000 employees.
Sophos found that the percentage of attacks beginning with credential compromises dropped from 29% last year to 23% this year. Liska noted that different research firms “have different views into the attack surface.”
Ransomware attacks have lasting human consequences, as Sophos’ report highlighted. The company found that 41% of IT and cybersecurity workers experienced more stress or anxiety about future attacks after responding to one.