A growing number of businesses are paying cybercriminals after ransomware attacks, as hackers deploy artificial intelligence to make their tactics more targeted, sophisticated and damaging.
New research from cybersecurity consultancy S-RM and advisory firm FGS Global shows that 24.3 per cent of companies targeted by ransomware attacks paid the demanded ransom in 2025, marking a sharp increase from 14.4 per cent in 2024.
The figures represent the first significant rise in ransom payments after two years of decline. In 2023, about 16.4 per cent of affected organisations paid, while the peak came in 2022 when 27.6 per cent of victims settled with attackers.
Although the latest numbers remain below that high point, the jump suggests cybercriminals are becoming increasingly successful at pressuring companies into handing over money.
Cybersecurity experts say artificial intelligence is rapidly reshaping how ransomware attacks are planned and executed.
Hackers are now able to use AI tools to scan vast amounts of stolen or publicly available data, allowing them to identify the most sensitive information belonging to a target organisation. By focusing on data that could cause the greatest reputational, financial or operational damage if exposed, attackers are able to increase pressure on victims to pay.
Jamie Smith, head of cybersecurity at S-RM, said criminals were increasingly relying on AI to refine their strategies.
“Attackers are using AI to find the most sensitive information that could cause maximum damage,” he said. “Threats are becoming far more specific and personalised, designed to maximise the victim’s fear and willingness to pay.”
This evolution has made ransomware attacks more difficult for companies to defend against, particularly for organisations with large volumes of sensitive data.
The report also sheds light on the scale of payments being demanded by cybercriminal groups.
According to the study, ransom payments in 2025 ranged from as little as $10,000 to more than $1 million, with the average payment reaching $296,000.
However, cybersecurity specialists warn that the total cost of a ransomware attack often extends far beyond the ransom itself. Businesses frequently face operational disruption, regulatory scrutiny, reputational damage and the expensive process of rebuilding compromised IT systems.
Many organisations also incur costs related to legal advice, customer notifications and forensic investigations after an attack.
The research suggests that industrial and manufacturing companies were particularly likely to pay ransoms during the past year.
This trend appears to be driven by the severe operational disruption ransomware attacks can cause in sectors that rely heavily on continuous production.
Factories, logistics systems and supply chains can grind to a halt if core IT infrastructure becomes inaccessible. In such situations, businesses sometimes view paying a ransom as the quickest way to restore operations and avoid prolonged shutdowns.
One high-profile cyber incident involved Jaguar Land Rover, whose factories around the world were forced to shut down for the entire month of September after its IT systems were compromised.
Major UK retailers were also targeted in 2025, including Marks & Spencer and Co-op. None of the companies has publicly confirmed whether a ransom was paid.
One of the biggest challenges in measuring ransomware activity is that many companies refuse to disclose whether they have paid hackers.
Security specialists say businesses often fear that publicly admitting to ransom payments could make them more attractive targets for future attacks.
Criminal groups may interpret payment as a sign that a company has both the resources and willingness to comply with demands.
As a result, ransomware incidents are often kept confidential, with payments handled through private negotiations involving cybersecurity consultants, insurers and specialist crisis advisers.
While artificial intelligence is helping companies automate operations and improve efficiency, experts warn it is also opening up new vulnerabilities that cybercriminals are eager to exploit.
Jenny Davey, co-head of crisis management at FGS Global, described the technology as a “double-edged sword”.
“While AI can drive efficiency and performance across the business, it can also open up new attack vectors for cybercriminals to exploit,” she said.
The rapid adoption of AI tools across corporate systems means organisations must invest heavily in cybersecurity and staff training to avoid creating new entry points for attackers.
The rise in ransomware payments highlights the growing importance of cyber resilience for businesses across every sector.
Experts say companies must go beyond traditional IT security measures and adopt a broader approach that includes employee awareness, robust data protection practices and detailed incident response plans.
This includes maintaining secure backups, limiting access to sensitive information and regularly testing systems against potential cyber threats.
As ransomware attacks become more sophisticated, and increasingly powered by artificial intelligence, businesses face mounting pressure to strengthen their defences before becoming the next target.
Read more:
More companies paying ransoms as AI-powered cyberattacks intensify
