More companies are paying cybercriminals after ransomware attacks as hackers use artificial intelligence to make their tactics more targeted, sophisticated and damaging.
New research from cybersecurity consultancy S-RM and consulting firm FGS Global shows that 24.3 percent of companies affected by ransomware attacks paid the demanded ransom in 2025, a sharp increase from 14.4 percent in 2024.
The figures represent the first significant increase in ransom payments after two years of decline. In 2023, about 16.4 percent of affected organizations paid, while the peak was reached in 2022, when 27.6 percent of victims reached a settlement with attackers.
Although recent figures remain below this peak, the increase suggests that cybercriminals are becoming increasingly successful at pressuring companies to hand over money.
Cybersecurity experts say artificial intelligence is rapidly changing the way ransomware attacks are planned and executed.
Hackers are now able to use AI tools to scan large amounts of stolen or publicly available data to identify a target organization’s most sensitive information. By focusing on data whose disclosure could cause the greatest reputational, financial or operational damage, attackers can increase the pressure on victims to pay.
Jamie Smith, head of cybersecurity at S-RM, said criminals were increasingly relying on AI to refine their strategies.
“Attackers use AI to find the most sensitive information that could cause maximum damage,” he said. “Threats are becoming more specific and individualized, aiming to maximize the victim’s fear and willingness to pay.”
This development has made it more difficult for companies to defend against ransomware attacks, especially for organizations with large amounts of sensitive data.
The report also sheds light on the scale of payments demanded by cybercriminal groups.
According to the study, ransom payments in 2025 ranged from just $10,000 to over $1 million, with the average payment reaching $296,000.
However, cybersecurity specialists warn that the total cost of a ransomware attack often goes well beyond the ransom itself. Companies often face business interruptions, regulatory scrutiny, reputational damage, and the expensive process of restoring compromised IT systems.
Many companies also incur costs associated with legal advice, customer notifications and forensic investigations following an attack.
The research suggests that industrial and manufacturing companies were particularly likely to pay ransoms last year.
This trend appears to be due to the severe business disruptions that ransomware attacks can cause in sectors that rely heavily on continuous production.
Factories, logistics systems and supply chains can come to a standstill if the central IT infrastructure is no longer accessible. In such situations, companies sometimes view paying a ransom as the quickest way to restore operations and avoid prolonged downtime.
A high-profile cyber incident affected Jaguar Land Rover, whose factories around the world were forced to close for the entire month of September due to its IT systems being compromised.
Major UK retailers have also been targeted in 2025, including Marks & Spencer and Co-op. Neither company has publicly confirmed whether a ransom was paid.
One of the biggest challenges in measuring ransomware activity is that many companies refuse to disclose whether they have paid hackers.
Security experts say companies often fear that publicly admitting to paying ransoms could make them a more attractive target for future attacks.
Criminal groups may interpret the payment as a sign that a company has both the resources and willingness to comply with the demands.
For this reason, ransomware incidents are often kept confidential and payments are processed through private negotiations involving cybersecurity consultants, insurers and specialist crisis advisors.
While artificial intelligence helps companies automate operations and improve efficiency, experts warn that it also opens up new vulnerabilities that cybercriminals are eager to exploit.
Jenny Davey, co-head of crisis management at FGS Global, called the technology a “double-edged sword.”
“While AI can increase efficiency and performance across the organization, it can also open up new attack vectors for cybercriminals to exploit,” she said.
The rapid adoption of AI tools in enterprise systems means companies must invest heavily in cybersecurity and staff training to avoid creating new entry points for attackers.
The rise in ransomware payments highlights the growing importance of cyber resilience for companies across all industries.
Experts say companies need to go beyond traditional IT security measures and take a more comprehensive approach that includes employee awareness, robust data protection practices and detailed incident response plans.
This includes maintaining secure backups, limiting access to sensitive information, and regularly testing systems for potential cyber threats.
As ransomware attacks become more sophisticated and increasingly rely on artificial intelligence, companies are under increasing pressure to strengthen their defenses before they become the next target.
