Top 3 reasons ransomware groups are focusing more on data exfiltration than encryption

By Vanessa Horton, cyber incident responder, and Cliff Martin, head of cyber incident response.

This year, the cyber security industry has seen a change in the way ransomware groups operate.  

Historically, they have focused on encrypting data, with some also exfiltrating data in a double-extortion attack.  

In recent months, however, there has been a growing trend of threat actors moving away from encryption and putting all their effort into data exfiltration. This is a worrying development for organisations, as it means that even if they have good backup and recovery procedures, they are still at risk of being held hostage by these ransomware groups.  

Threat actors are now spending more time within the victim’s IT environment to find data that is truly sensitive, putting even more pressure on the victim to pay up.  

There are several reasons threat actors might be focusing on data exfiltration. 

  1. One is that encryption is becoming less effective. As organisations improve their backup and recovery procedures, they are less likely to pay a ransom to decrypt their data. 
  2. Additionally, government agencies are becoming more effective at tracking down and disrupting ransomware groups.  
  3. Another reason is data exfiltration is more profitable for the ransomware group. They can sell the stolen data on the dark web or use it to blackmail their victims. In some cases, the stolen data can be more valuable than the ransom payment itself.  

Organisations need to focus on identifying where they can improve their ability to protect against, detect and respond to suspected cyber security incidents as soon as possible to limit their impact. 

When you suffer a cyber attack or data breach, the speed of your response makes a significant difference to your recovery – and the associated costs. 

The sooner you act, the quicker, easier and cheaper it will be to restore affected systems and return to business as usual. 

Our approach to cyber incident response and recovery 

At GRCI Law, we understand how cyber incidents can affect your organisation, as well as the challenges you will face when dealing with them. 

It’s crucial that you get prompt, expert advice in the initial stages of an incident so that your organisation can detect, respond to and recover from it. Responding quickly can also minimise reputational and financial damage.

Contact us to find out more