Industry surveys show that fewer ransomware victims are paying, even as the overall number of attacks continues to rise. According to a report by Coveware in February 2025, only 25% of companies hit in the last quarter of 2024 paid a ransom, an all-time low. The median payment also fell 45% compared to the prior quarter, to $110,890. Similarly, Chainalysis reported that ransomware groups collected $813 million in payments in 2024, a 35% decline from 2023.
While these statistics may seem like positive news in the battle against ransomware, the decision of whether to pay a ransom remains critical for organizations facing such attacks. In the event of a ransomware incident, businesses must quickly assess the situation and ponder the difficult question of whether to pay the ransom demanded by cybercriminals.
Lee Kim, a cybersecurity and privacy expert at HIMSS North America, emphasizes that once an organization falls victim to ransomware, the decision-making process becomes complex. The primary questions that arise are whether paying the ransom is unavoidable and whether the organization is at the mercy of the ransomware operators.
Despite the FBI’s stance against ransom payments, many organizations find themselves in the position of considering negotiations with threat actors to recover their data and systems. Engaging in such negotiations presents legal challenges, as some countries outright prohibit ransom payments. Moreover, various U.S. states have passed laws banning public sector entities from paying ransoms, adding another layer of complexity to the negotiation process.
Navigating the intricate landscape of ransomware negotiations often requires expert assistance. Ransomware negotiators, such as those recommended by cyber liability insurance policies, play a crucial role in handling the technical, legal, and financial aspects of the negotiation process. These seasoned professionals bring valuable experience to the table, ensuring that organizations make informed decisions while safeguarding their interests.
While the decision to negotiate with ransomware attackers involves ethical considerations and potential risks, organizations may benefit from engaging in negotiations. Negotiations can lead to lower ransom amounts, provide a pause in the attack, allow for a thorough evaluation of the damage, and even yield valuable information for law enforcement and the security community.
Ultimately, the success of ransomware negotiations is not guaranteed, and organizations must carefully weigh the potential benefits against the risks. Despite the uncertainties surrounding negotiations, some experts suggest that threat actors tend to honor their agreements with organizations that pay ransoms, reducing the likelihood of repeated attacks.
In conclusion, the evolving landscape of ransomware attacks underscores the importance of preparedness and strategic decision-making for organizations facing such threats. While the decline in ransom payments may signal progress in combating ransomware, the complex nature of negotiations and the potential consequences of such actions highlight the need for organizations to approach these situations with caution and seek expert guidance when necessary.