{"id":188221,"date":"2026-02-17T11:17:00","date_gmt":"2026-02-17T16:17:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/data-only-extortion-grows-as-ransomware-gangs-seek-better-profits\/"},"modified":"2026-02-17T11:20:08","modified_gmt":"2026-02-17T16:20:08","slug":"data-only-extortion-grows-as-ransomware-gangs-seek-better-profits","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/17\/data-only-extortion-grows-as-ransomware-gangs-seek-better-profits\/","title":{"rendered":"Data-only extortion grows as ransomware gangs seek better profits"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ransomware-extortion-bec-arctic-wolf\/812321\/\">Data-only extortion grows as ransomware gangs seek better profits<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ransomware-extortion-bec-arctic-wolf\/812321\/\">https:\/\/www.cybersecuritydive.com\/news\/ransomware-extortion-bec-arctic-wolf\/812321\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-17 11:17:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>        Listen to the article<br \/>\n        4 min<\/p>\n<p>            This audio is auto-generated. Please let us know if you have feedback.<\/p>\n<p>Dive Brief:<\/p>\n<p>Data-only extortion attacks surged elevenfold over the past year, according to a report that the security firm Arctic Wolf released on Tuesday, illustrating how ransomware gangs are capitalizing on businesses\u2019 fears of reputational damage.<br \/>\nIn 22% of cases that Arctic Wolf responded to between November 2024 and November 2025, hackers only threatened to expose stolen data, rather than to leave it encrypted \u2014 a significant increase from the prior period, when only 2% of cases unfolded that way.<br \/>\nArctic Wolf\u2019s report also detailed hackers\u2019 most common intrusion techniques, offering a warning to businesses about which of their systems could be the most vulnerable.<\/p>\n<p>Dive Insight:<br \/>\nThe increase in data-only ransomware attacks \u2014 a trend that other firms have also reported \u2014 reflects a change in hackers\u2019 motivations, according to Arctic Wolf. \u201cIt now appears that some threat actors \u2026 have begun abandoning encryption altogether to focus purely on data exfiltration and extortion in hopes of better net returns,\u201d the company said.<br \/>\nRansomware accounted for 44% of Arctic Wolf\u2019s incident-response engagements during the period covered in the report. The manufacturing sector bore the brunt of the attacks, followed by law firms, schools, financial institutions and health-care organizations.<br \/>\nRansomware gangs have increasingly adopted affiliate models to generate more revenue, reduce expenses and \u201cattract and retain a broader pool of cybercriminals,\u201d according to Arctic Wolf. The result, the company said, was \u201ca more competitive and interconnected ecosystem,\u201d with hackers moving seamlessly between groups and the brand names of individual gangs mattering less.<br \/>\nThe evidence suggests, however, that law-enforcement takedowns have significantly diminished once-popular gangs such as LockBit, ALPHV\/BlackCat and BlackSuit, according to the report.<br \/>\nHackers also have continued to find success with business email compromise (BEC) schemes, which accounted for 26% of Arctic Wolf\u2019s case load. Those attacks primarily targeted financial and legal organizations. Arctic Wolf reported a \u201cfairly steady flow\u201d of BEC incidents throughout the year, with a dip in May and a surge in June and July. \u201cThese fluctuations suggest that threat actors time campaigns strategically to align with organizations\u2019 financial cycles, world and cultural events, or high-volume transaction periods (such as holidays) when oversight may be reduced,\u201d the researchers wrote.<br \/>\nEmail phishing remained the most popular form of initial access in BEC cases, accounting for 85% of the cases that Arctic Wolf investigated. While those cases involved new credential theft, roughly one in 10 cases involved hackers abusing previously compromised credentials.<br \/>\nOutside of BEC cases, hackers overwhelmingly favored attacks on remote-access tools, including the Remote Desktop Protocol, remote monitoring and management software and popular VPNs. Roughly two-thirds of Arctic Wolf\u2019s non-BEC cases involved remote-access compromises, the company said. That number has steadily increased since three years ago, when it was just 24%.<br \/>\nOnly 11% of cases during the annual reporting period involved the exploitation of known vulnerabilities, compared with 29% during the prior year.<br \/>\n\u201cWhether through rampant credential reuse or potentially devastating exploitation, threat actors are demonstrating a high level of automation and operational maturity, at times achieving full domain compromise within minutes of gaining access,\u201d Arctic Wolf researchers wrote.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data-only extortion grows as ransomware gangs seek better profits https:\/\/www.cybersecuritydive.com\/news\/ransomware-extortion-bec-arctic-wolf\/812321\/ Publish Date: 2026-02-17 11:17:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":188222,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/7eClIEpkaqdDq-BCzSLXICE27sGjrfOYZFN7uyEmnlo\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzk5OTgwMDQ2LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[25],"class_list":["post-188221","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188221"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=188221"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188221\/revisions"}],"predecessor-version":[{"id":188223,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188221\/revisions\/188223"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/188222"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=188221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=188221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=188221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}