Ransomware - Shift Towards Data Extortion Explained
In short, ransomware operations are shifting toward stealing data rather than only encrypting it.
Ransomware tactics are evolving towards data extortion, impacting many sectors. Google’s report highlights a significant rise in this trend, emphasizing the need for enhanced cybersecurity measures.
What Happened
Ransomware continues to be a major threat, but recent trends show a shift in tactics. Attackers are increasingly focusing on data theft for extortion rather than traditional ransomware, which involves encrypting systems. According to Genevieve Stark from Google Threat Intelligence Group, many actors in the cybercrime underground are now primarily engaged in data-theft extortion. This marks a significant evolution in the ransomware landscape.
In 2025, Google observed that 77% of ransomware incidents involved data theft, up from 57% the previous year. This indicates a growing trend where attackers leverage the threat of exposing stolen data to extort victims, rather than solely relying on encryption. The report highlights that some ransomware-as-a-service programs are even offering options that focus exclusively on data theft, reflecting market demand.
Who's Being Targeted
Various sectors are feeling the impact of this shift. Google’s report indicates that data leak sites have seen a 48% increase in posts, suggesting that attackers are more active than ever in publicizing their attacks. However, it’s important to note that not all claims made on these sites are credible, as some groups recycle previous breaches to inflate their reputations.
The increase in data extortion is likely driving these trends, but the lack of a centralized understanding of ransomware incidents complicates the situation. Many firms operate in silos, leading to a fragmented view of the overall threat landscape. This makes it challenging to gauge the true scale of ransomware attacks and their impact on organizations.
Signs of Infection
Identifying the signs of a ransomware attack is crucial for organizations. Google’s research indicates that exploited vulnerabilities were the primary access point in a third of all ransomware incidents last year. Attackers often targeted weaknesses in widely used tools like VPNs and firewalls from companies such as Fortinet and Palo Alto Networks.
In addition to exploiting vulnerabilities, stolen credentials were responsible for 21% of ransomware breaches, allowing attackers to gain unauthorized access to systems. Organizations need to be vigilant and monitor for unusual activities, such as unauthorized logins or unexpected changes to system configurations.
How to Protect Yourself
To mitigate the risks associated with this evolving ransomware landscape, organizations should adopt a proactive approach to cybersecurity. Regularly updating and patching systems can help close vulnerabilities that attackers exploit. Additionally, implementing strong credential management practices, such as multi-factor authentication, can significantly reduce the likelihood of unauthorized access.
It's also essential to conduct regular security training for employees to recognize potential phishing attempts and other social engineering tactics that could lead to data breaches. By staying informed about the latest trends in ransomware and adjusting security measures accordingly, organizations can better protect themselves against these evolving threats.
CyberScoop