{"id":234663,"date":"2026-06-22T01:05:00","date_gmt":"2026-06-22T05:05:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/22\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data\/"},"modified":"2026-06-22T01:35:10","modified_gmt":"2026-06-22T05:35:10","slug":"beyond-encryption-ransomware-now-threatens-to-leak-stolen-data","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/22\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data\/","title":{"rendered":"Beyond encryption: Ransomware now threatens to leak stolen data"},"content":{"rendered":"<p><a href=\"https:\/\/www.escudodigital.com\/en\/cybersecurity\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data.html\">Beyond encryption: Ransomware now threatens to leak stolen data<\/a><\/p>\n<p><a href=\"https:\/\/www.escudodigital.com\/en\/cybersecurity\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data.html\">https:\/\/www.escudodigital.com\/en\/cybersecurity\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-22 01:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.escudodigital.com\">www.escudodigital.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\tCriminal groups continue to use ransomware, there is no doubt about that. But they are increasingly betting on a strategy based on data theft and the threat of making it public if the victim does not comply with their demands.<\/p>\n<p>And many companies have improved their disaster recovery capabilities and have backups that allow systems to be restored in relatively short times.<\/p>\n<p>As a consequence, criminals are seeking new pressure formulas that generate greater financial, legal, and reputational impact.<\/p>\n<p>Data-based extortion gains prominence<\/p>\n<p>According to the 2026 Global Incident Response Report, prepared by Unit 42, the threat intelligence unit of Palo Alto Networks, extortion incidents that included system encryption fell to 78% during 2025.<\/p>\n<p>This figure represents a change compared to the previous four years, when this percentage usually exceeded 90%.<\/p>\n<p>The data reflects a trend: attackers understand that confidential information has enormous strategic value.<\/p>\n<p>The publication of internal documents, customer data, financial information, or intellectual property can cause much more severe consequences than a simple temporary interruption of activity.<\/p>\n<p>In many cases, the objective is no longer to prevent the organization from working but to threaten to expose sensitive information to customers, partners, regulators, or competitors.<\/p>\n<p>Actors specialized in information theft<\/p>\n<p>Unit 42 has identified several criminal groups that have evolved from traditional ransomware models to schemes focused almost exclusively on data exfiltration and extortion.<\/p>\n<p>Among them is Bling Libra, also known as ShinyHunters, an actor specialized in compromising software as a service (SaaS) applications.<\/p>\n<p>Also included is Hazy Scorpius, known as CLOP, responsible for campaigns that have exploited critical vulnerabilities in enterprise platforms like Oracle EBS.<\/p>\n<p>These groups have demonstrated that obtaining large volumes of information can become an extremely effective pressure tool without the need to deploy complex encryption processes.<\/p>\n<p>Artificial intelligence accelerates attacks<\/p>\n<p>The growing incorporation of artificial intelligence in cybercrime operations is contributing to increasing the speed and effectiveness of attacks.<\/p>\n<p>Criminals can automate reconnaissance tasks, locate vulnerabilities more quickly, and optimize intrusion campaigns.<\/p>\n<p>One of the most striking data collected by Unit 42 is that some attackers are capable of going from initial access to a corporate network to complete information theft in just 72 minutes.<\/p>\n<p>This drastic reduction in response times makes it difficult for organizations to respond and forces the reinforcement of early detection mechanisms.<\/p>\n<p>Four factors explain the change in strategy<\/p>\n<p>The reduction in the use of encryption is due to several elements that are modifying the balance between attackers and defenders.<\/p>\n<p>On one hand, companies have significantly improved their backup and recovery systems, which limits the effectiveness of file hijacking as a pressure mechanism.<\/p>\n<p>There is also greater maturity in endpoint protection solutions and automated tools capable of interrupting attacks before they reach their objectives.<\/p>\n<p>This is compounded by the speed with which criminals can extract critical information and the growing regulatory pressure existing in numerous markets.<\/p>\n<p>Sanctions for regulatory non-compliance, potential legal claims, and reputational damage resulting from a massive leak can generate economic consequences of enormous magnitude.<\/p>\n<p>Sectors most affected by this trend<\/p>\n<p>Campaigns focused exclusively on information theft particularly affected professional services companies, healthcare organizations, and consumer-oriented companies during 2025.<\/p>\n<p>Medium-sized companies accounted for 64% of the incidents analyzed, demonstrating that attackers do not only target large corporations. Many medium-sized organizations manage valuable information but have more limited resources to protect themselves.<\/p>\n<p>Although the manufacturing industry continues to be one of the sectors most affected by cybercrime, the construction sector recorded a 44% year-on-year increase in this type of attack. Criminals find documents related to bids, contracts, financial forecasts, and strategic projects particularly attractive.<\/p>\n<p>Strengthening data protection as a priority<\/p>\n<p>The economic impact of these operations is considerable. The average cost associated with extortion incidents based on information theft already reaches 5.08 million dollars, while large-scale breaches can exceed 10 million dollars.<\/p>\n<p>In this scenario, organizations are forced to expand their security strategy beyond protection against traditional ransomware. Reviewing access to SaaS applications, implementing phishing-resistant authentication systems, continuous monitoring of potential leaks, and accelerating incident response processes have become essential measures.<\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\tCriminal groups continue to use ransomware, there is no doubt about that. But they are increasingly betting on a strategy based on data theft and the threat of making it public if the victim does not comply with their demands.<\/p>\n<p>And many companies have improved their disaster recovery capabilities and have backups that allow systems to be restored in relatively short times.<\/p>\n<p>As a consequence, criminals are seeking new pressure formulas that generate greater financial, legal, and reputational impact.<\/p>\n<p>Data-based extortion gains prominence<\/p>\n<p>According to the 2026 Global Incident Response Report, prepared by Unit 42, the threat intelligence unit of Palo Alto Networks, extortion incidents that included system encryption fell to 78% during 2025.<\/p>\n<p>This figure represents a change compared to the previous four years, when this percentage usually exceeded 90%.<\/p>\n<p>The data reflects a trend: attackers understand that confidential information has enormous strategic value.<\/p>\n<p>The publication of internal documents, customer data, financial information, or intellectual property can cause much more severe consequences than a simple temporary interruption of activity.<\/p>\n<p>In many cases, the objective is no longer to prevent the organization from working but to threaten to expose sensitive information to customers, partners, regulators, or competitors.<\/p>\n<p>Actors specialized in information theft<\/p>\n<p>Unit 42 has identified several criminal groups that have evolved from traditional ransomware models to schemes focused almost exclusively on data exfiltration and extortion.<\/p>\n<p>Among them is Bling Libra, also known as ShinyHunters, an actor specialized in compromising software as a service (SaaS) applications.<\/p>\n<p>Also included is Hazy Scorpius, known as CLOP, responsible for campaigns that have exploited critical vulnerabilities in enterprise platforms like Oracle EBS.<\/p>\n<p>These groups have demonstrated that obtaining large volumes of information can become an extremely effective pressure tool without the need to deploy complex encryption processes.<\/p>\n<p>Artificial intelligence accelerates attacks<\/p>\n<p>The growing incorporation of artificial intelligence in cybercrime operations is contributing to increasing the speed and effectiveness of attacks.<\/p>\n<p>Criminals can automate reconnaissance tasks, locate vulnerabilities more quickly, and optimize intrusion campaigns.<\/p>\n<p>One of the most striking data collected by Unit 42 is that some attackers are capable of going from initial access to a corporate network to complete information theft in just 72 minutes.<\/p>\n<p>This drastic reduction in response times makes it difficult for organizations to respond and forces the reinforcement of early detection mechanisms.<\/p>\n<p>Four factors explain the change in strategy<\/p>\n<p>The reduction in the use of encryption is due to several elements that are modifying the balance between attackers and defenders.<\/p>\n<p>On one hand, companies have significantly improved their backup and recovery systems, which limits the effectiveness of file hijacking as a pressure mechanism.<\/p>\n<p>There is also greater maturity in endpoint protection solutions and automated tools capable of interrupting attacks before they reach their objectives.<\/p>\n<p>This is compounded by the speed with which criminals can extract critical information and the growing regulatory pressure existing in numerous markets.<\/p>\n<p>Sanctions for regulatory non-compliance, potential legal claims, and reputational damage resulting from a massive leak can generate economic consequences of enormous magnitude.<\/p>\n<p>Sectors most affected by this trend<\/p>\n<p>Campaigns focused exclusively on information theft particularly affected professional services companies, healthcare organizations, and consumer-oriented companies during 2025.<\/p>\n<p>Medium-sized companies accounted for 64% of the incidents analyzed, demonstrating that attackers do not only target large corporations. Many medium-sized organizations manage valuable information but have more limited resources to protect themselves.<\/p>\n<p>Although the manufacturing industry continues to be one of the sectors most affected by cybercrime, the construction sector recorded a 44% year-on-year increase in this type of attack. Criminals find documents related to bids, contracts, financial forecasts, and strategic projects particularly attractive.<\/p>\n<p>Strengthening data protection as a priority<\/p>\n<p>The economic impact of these operations is considerable. The average cost associated with extortion incidents based on information theft already reaches 5.08 million dollars, while large-scale breaches can exceed 10 million dollars.<\/p>\n<p>In this scenario, organizations are forced to expand their security strategy beyond protection against traditional ransomware. Reviewing access to SaaS applications, implementing phishing-resistant authentication systems, continuous monitoring of potential leaks, and accelerating incident response processes have become essential measures.<\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tBecome a premium member for free!<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Beyond encryption: Ransomware now threatens to leak stolen data https:\/\/www.escudodigital.com\/en\/cybersecurity\/beyond-encryption-ransomware-now-threatens-to-leak-stolen-data.html Publish Date: 2026-06-22 01:05:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":234664,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/d3fkdmlbzjtjd3.cloudfront.net\/articulos\/articulos-81608.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,24,25],"class_list":["post-234663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234663"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=234663"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234663\/revisions"}],"predecessor-version":[{"id":234665,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234663\/revisions\/234665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/234664"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=234663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=234663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=234663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}