Data Exfiltration Drives Ransomware Payments Beyond $1 Million

ByAdmin

Coveware by Veeam has published its Q2 2025 ransomware report, highlighting a significant rise in targeted social engineering attacks and a notable increase in ransom payments, with data exfiltration-led extortion becoming a central theme. The report indicates that both average and median ransom payments have surged, with the average payout exceeding USD $1 million. The average ransom increased by 104% from the previous quarter to USD $1.13 million, while the median doubled to USD $400,000. This rise is attributed to larger organisations choosing to pay ransoms following data exfiltration incidents. Despite the increase in payout amounts, the percentage of organisations paying ransoms remained steady at 26%. Bill Siegel, Chief Executive Officer of Coveware by Veeam, remarked that the second quarter of 2025 signifies a turning point in ransomware, as targeted social engineering and data exfiltration have become the primary strategies employed by attackers.

The report reveals a shift in attack methods, with three main ransomware groups—Scattered Spider, Silent Ransom, and Shiny Hunters—dominating the landscape. These groups have moved away from mass opportunistic attacks, opting instead for precision targeting through sophisticated impersonation tactics aimed at help desks, employees, and third-party providers. Data theft has emerged as the leading method of extortion, surpassing traditional system encryption, with data exfiltration involved in 74% of cases studied. Additionally, there has been an uptick in multi-extortion tactics, including follow-up ransom demands long after the initial breach, which keeps organisations vulnerable over extended periods. The report notes that professional services, healthcare, and consumer services were the most affected sectors, with mid-sized organisations being the primary targets due to their balance of higher payout potential and lower cyber defence maturity. The analysis underscores that the human factor remains a critical vulnerability, as attackers increasingly exploit credential compromises. 

Categories: Ransom Payment Trends, Attack Methods, Targeted Industries 

Tags: Ransomware, Social Engineering, Data Exfiltration, Ransom Payments, Targeted Attacks, Cybersecurity, Professional Services, Healthcare, Credential Compromise, Multi-Extortion 

Leave a Reply

Your email address will not be published. Required fields are marked *