What's Happening?
A new report by Symantec and Carbon Black reveals a significant rise in cybercriminals opting for data theft and extortion over traditional encryption-based ransomware attacks. These 'extortion-only' attacks involve
stealing data from victims' networks and demanding ransom by threatening to publish the stolen information. The report notes a substantial increase in such attacks, with nearly 1,500 incidents in 2025 compared to just 28 in 2024. The shift is attributed to the exploitation of unpatched vulnerabilities and weaknesses in software supply chains, with notable attacks targeting major companies like Allianz and Google.
Why It's Important?
This trend represents a shift in cybercriminal tactics, posing new challenges for organizations in maintaining cybersecurity. The focus on data theft rather than encryption requires companies to enhance their security measures, particularly in protecting software supply chains and addressing vulnerabilities. The rise of extortion-only attacks highlights the evolving nature of cyber threats and the need for continuous adaptation in cybersecurity strategies. Organizations must prioritize robust security postures and implement comprehensive measures to safeguard against these emerging threats.
