Ransom payments on the rise as AI-driven cyber attacks force more companies to pay hackers

A growing number of businesses are paying cybercriminals after ransomware attacks, as hackers use artificial intelligence to make their tactics more targeted, sophisticated and damaging.

A new study from cybersecurity consultancy S-RM and consulting firm FGS Global shows that 24.3 percent of companies targeted by ransomware attacks will have paid the ransom demanded by 2025, marking a significant increase from 14.4 percent in 2024.

The figures represent the first significant increase in ransom payments after two years of decline. In 2023, about 16.4 percent of affected organizations paid, and the peak came in 2022 when 27.6 percent of victims settled with attackers.

Although the latest numbers remain below that high point, the jump suggests that cybercriminals are becoming increasingly successful at pressuring companies to hand over money.

Cybersecurity experts say artificial intelligence is rapidly reshaping how ransomware attacks are planned and executed.

Cybercriminals are now able to use AI tools to scan large amounts of stolen or publicly available data, allowing them to identify a target organization’s most sensitive information. By focusing on data that could cause significant reputational, financial or operational damage if disclosed, attackers are able to increase the pressure on victims to pay.

Jamie Smith, head of cybersecurity at S-RM, said criminals are increasingly relying on AI to refine their tactics.

“Attackers use AI to find highly sensitive information that can cause serious damage,” he said. “Threats are becoming more specific and personal, designed to increase the victim’s fear and willingness to pay.”

This popularity has made ransomware attacks more difficult for companies to defend against, especially for organizations with large amounts of sensitive data.

The report also sheds light on the level of payments demanded by cybercriminal groups.

According to the study, ransom payments in 2025 ranged from as little as $10,000 to over $1 million, with the average payment reaching $296,000.

However, cybersecurity experts warn that the full cost of a ransomware attack often goes beyond the ransom itself. Businesses often face operational disruptions, regulatory scrutiny, reputational damage and the costly process of rebuilding compromised IT systems.

Many organizations also incur costs related to legal advice, customer notifications and forensic investigations after an attack.

Research suggests that industrial and manufacturing companies were more likely to pay ransoms last year.

This trend appears to be driven by the severe disruption ransomware attacks can cause in sectors that rely heavily on continuous production.

Factories, logistics systems and supply chains can grind to a halt if core IT infrastructure is inaccessible. In such cases, businesses sometimes consider paying a ransom as a quick way to restore operations and avoid long-term shutdowns.

One well-known cyber incident involved Jaguar Land Rover, whose factories around the world were forced to close for the entire month of September after their IT systems were compromised.

Major UK retailers are also targeting 2025, including Marks & Spencer and the Co-op. Neither company has publicly confirmed that a ransom has been paid.

One of the biggest challenges in measuring ransomware activity is that many companies refuse to disclose whether they have paid hackers.

Security experts say businesses often fear that publicly acknowledging ransom payments could make them attractive targets for future attacks.

Gangs may interpret the payment as a sign that the company has both the resources and the willingness to comply.

As a result, ransomware incidents are often kept secret, with payments handled through private discussions involving cyber security consultants, insurers and crisis advisors.

While artificial intelligence helps companies automate tasks and improve efficiency, experts warn that it also opens up new vulnerabilities that cybercriminals are eager to exploit.

Jenny Davey, head of risk management at FGS Global, described the technology as a “double-edged sword”.

“While AI can drive efficiency and effectiveness across a business, it can also open up new attack surfaces for cybercriminals to exploit,” he said.

The rapid adoption of AI tools in all corporate systems means that organizations must invest heavily in cybersecurity and employee training to avoid creating new entry points for attackers.

The rise in ransomware payments highlights the growing importance of cyber resilience for businesses across all sectors.

Experts say companies should go beyond traditional IT security measures and adopt a comprehensive approach that includes employee awareness, strong data protection procedures and detailed incident response plans.

This includes secure backups, limiting access to sensitive information and regular screening programs against potential cyber threats.

As ransomware attacks become more sophisticated, and powered by artificial intelligence, businesses face increasing pressure to strengthen their defenses before they become the next target.