{"id":186270,"date":"2026-02-11T01:39:00","date_gmt":"2026-02-11T06:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/11\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/"},"modified":"2026-02-11T01:50:11","modified_gmt":"2026-02-11T06:50:11","slug":"ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/11\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/","title":{"rendered":"Ransomware hackers say NO to Data Exfiltration and YES to Encryption"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecurity-insiders.com\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/\">Ransomware hackers say NO to Data Exfiltration and YES to Encryption<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecurity-insiders.com\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/\">https:\/\/www.cybersecurity-insiders.com\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-11 01:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecurity-insiders.com\">www.cybersecurity-insiders.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>            Ransomware operators appear to be recalibrating their tactics, with a noticeable shift away from large-scale data exfiltration and toward a renewed emphasis on file encryption. According to a study conducted by incident response firm Coveware, only well-established cybercriminal syndicates\u2014such as Clop, LockBit 3.0, and Qilin\u2014continue to systematically employ \u201cdouble extortion\u201d strategies. In double extortion campaigns, attackers both encrypt victim systems and exfiltrate sensitive data, threatening public disclosure if ransom demands are not met. In contrast, smaller or less sophisticated groups are increasingly focusing solely on encryption-based attacks.<br \/>\nThe research suggests that many emerging ransomware actors initially adopted data exfiltration after observing its apparent success among major gangs. However, exfiltration introduces additional operational complexity, including data staging, secure transfer, storage infrastructure, and management of leak sites on the dark web. When victims refuse to pay\u2014or when negotiations collapse\u2014these actors incur sunk costs related to infrastructure and exposure risk without guaranteed financial return. As a result, some groups appear to be reverting to encryption-only models, which require fewer resources and present a narrower operational footprint.<br \/>\nAnother factor influencing this shift is the declining market value of stolen data. Buyers on underground marketplaces increasingly scrutinize datasets before purchase, often using automated validation tools to assess accuracy, recency, and uniqueness. Industry analysis indicates that a substantial proportion\u2014reportedly up to 78%\u2014of exfiltrated datasets are deemed low-value or redundant. Much of the data originates from previously compromised or publicly dumped databases, which can be acquired in bulk for relatively low prices. Such datasets frequently contain outdated personally identifiable information (PII), including names, email addresses, phone numbers, and location data. As supply saturates the market, marginal utility declines, reducing the economic incentive for exfiltration-centric campaigns.<br \/>\nFrom the victim\u2019s perspective, ransom payment does not eliminate regulatory, legal, or reputational risk. Data protection frameworks such as GDPR and other breach notification laws impose obligations regardless of ransom settlement. Moreover, there is no technical guarantee that attackers will delete exfiltrated data or refrain from future exploitation. This uncertainty weakens the coercive leverage of double extortion.<br \/>\nImproved defensive maturity also plays a role. Heightened media coverage, structured cybersecurity awareness training, adoption of zero-trust principles, and investment in disaster recovery and immutable backup solutions have strengthened organizational resilience. Additionally, coordinated efforts by law enforcement agencies\u2014including the FBI, CISA, and the UK\u2019s NCSC\u2014have disrupted infrastructure, tracked cryptocurrency flows, and occasionally seized leak sites. These actions increase operational risk for attackers engaging in data theft and publication.<br \/>\nDespite these developments, ransomware remains financially lucrative. Coveware reports that the average ransom payment rose to approximately $600,000 in the fourth quarter of 2025, up from $325,000 in the previous year\u2019s third quarter. This increase underscores that while tactics may evolve, the ransomware threat landscape continues to present significant financial and operational risk to organizations worldwide.<\/p>\n<p>                            Join our LinkedIn group Information Security Community!<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware hackers say NO to Data Exfiltration and YES to Encryption https:\/\/www.cybersecurity-insiders.com\/ransomware-hackers-say-no-to-data-exfiltration-and-yes-to-encryption\/ Publish Date: 2026-02-11&#8230;<\/p>\n","protected":false},"author":1,"featured_media":186271,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cybersecurity-insiders.com\/wp-content\/uploads\/Ransomware-March-20-2025-9.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-186270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186270"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=186270"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186270\/revisions"}],"predecessor-version":[{"id":186272,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186270\/revisions\/186272"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/186271"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=186270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=186270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=186270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}