Average ransomware payments have more than doubled in the past quarter, while stolen credentials are driving a sharp rise in breaches.

Coveware by Veeam reported the average ransom payout in Q2 2025 hit $1.13 million, up 104 per cent on the previous quarter. The median payment also doubled to $400,000, with larger organisations paying out in data exfiltration-only incidents, where files are stolen rather than systems encrypted. Data theft was a factor in 74 per cent of cases.

Criminal groups such as ‘Scattered Spider’, ‘Silent Ransom’ and ‘Shiny Hunters’ are using targeted social engineering to impersonate staff, trick helpdesks, and exploit third-party providers. “Attackers aren’t just after your backups – they’re after your people, your processes, and your data’s reputation,” warned Coveware CEO Bill Siegel.

At the same time, Check Point found credential theft has surged 160 per cent in 2025, now causing one in five breaches. Many businesses take months to revoke exposed logins, giving attackers time to exploit them.

Security experts advise organisations to enforce multi-factor authentication, tighten password policies, and train staff to spot social engineering. Treating stolen credentials and data theft as primary risks is now seen as essential.