The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal.
The stolen data has likely been held by multiple parties and not secured, and victimized organizations can’t be sure that it has been destroyed and not traded, sold, misplaced, or held for a future extortion attempt, they explained.
Also, the data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.
“Despite the increase in demands, and higher prevalence of data theft, we are encouraged that a growing number of victims are not paying,” Coveware noted.
“Over hundreds of cases, we have ..
Support the originator by clicking the read the rest link below.
