As ransomware attacks gained popularity, hackers initially focused on encrypting entire databases and demanding ransom in exchange for decryption keys. However, recent trends suggest a shift in their tactics, with cybercriminals now more interested in stealing data rather than encrypting it.
A report by the American cybersecurity firm ReliaQuest reveals that more malware-spreading gangs are targeting data exfiltration. This method is faster, often taking just 48 to 90 minutes, and carries a lower risk of being traced by law enforcement. In contrast, when encryption is used, victims may refuse to comply with ransom demands and contact authorities, complicating the criminals’ plans.
Law enforcement typically intervenes by discouraging ransom payments, sometimes offering decryption keys to quickly restore the victim’s database. They also attempt to trace cryptocurrency payments, which can eventually lead to identifying the perpetrators, though this is a rare occurrence.
To avoid these complications, ransomware gangs are increasingly opting to steal data first. This allows them to sell the stolen information for profit or, in some cases, hold it for months before releasing it on the dark web for social engineering attacks.
To mitigate such risks, it’s crucial for organizations to deploy threat monitoring systems that can provide early warnings. Regular backups using a reliable disaster recovery solution are also essential. Additionally, notifying relevant authorities can help share information across industries and facilitate the capture of criminals, ultimately reducing the spread of cybercrime.
While data theft isn’t replacing ransomware entirely, it represents a shift in the criminal focus from disrupting systems to generating profit—minimizing attention from global authorities like the FBI and CISA.
Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group “Information Security Community”!