What Is the Average Ransomware Payment?

Key Takeaways

  • $1,000,000 – average ransom payment in 2025, a 50% drop from 2024’s $2M median
  • $1.53 million – average recovery costs on top of the ransom paid
  • 49% of ransomware victims paid the ransom; paying still doesn’t guarantee recovery
  • 53% of payers negotiated down from the initial demand

The Story Behind the Numbers

Ransomware is a type of cyberattack where criminals break into a network, lock your files using encryption (think of it as a digital padlock only they control), and then demand money to hand back the key.

In 2025, the average ransom payment hit $1,000,000 – a 50% drop from the $2 million median payment recorded in 2024. That sounds like good news. But paying seven figures is still catastrophic for most organizations.

And that’s just the ransom itself. Add recovery costs – downtime, IT labor, lost business – and the cleanup bill alone hits $1.53 million on top of that. In other words, paying up doesn’t make the damage go away.

What’s driving payments down? Fewer victims are making massive payouts. The share of ransom payments at $5 million or more dropped from 31% in 2024 to 20% in 2025. More organizations are negotiating – and winning. In fact, 53% of those who paid ended up paying less than the initial demand, often through direct negotiation or third-party help.

Why This Data Is Important

These numbers come from 3,400 IT and cybersecurity professionals across 17 countries – people who actually lived through an attack in the past year. That makes this one of the most grounded data sets available.

Here’s the part that matters most for everyday users and business owners: 49% of ransomware victims paid the ransom. Nearly half. And paying doesn’t guarantee anything. Criminals can still demand more – 18% of victims paid above the initial ask, often because their backups failed or they didn’t respond quickly enough.

Understanding these costs is a strong argument for prevention. Tools like a VPN can help reduce your exposure by masking your network activity and making it harder for attackers to profile your systems. For businesses, knowing which VPN protocols offer the strongest encryption is a practical first step toward reducing risk – because once ransomware lands, the financial math is brutal regardless of how much you negotiate.

If you want protection without breaking the bank, there are solid cheap VPN options that still offer meaningful security layers.

Looking Ahead: Future Outlook

The drop in average payments is encouraging, but the threat isn’t shrinking – it’s evolving. Attackers are calibrating demands more precisely to what victims can afford: organizations with over $5 billion in revenue face median demands of $5,500,000, while smaller businesses see demands around $109,670.

Expect continued negotiation pressure, smarter targeting by revenue, and growing use of data theft alongside encryption as attackers diversify their leverage.

Source & Methodology

Data sourced from the Sophos State of Ransomware 2025 report. The findings are based on an independent, vendor-agnostic survey of 3,400 IT and cybersecurity leaders across 17 countries, conducted between January and March 2025. All financial figures are in U.S. dollars.