In recent years, ransomware attacks have evolved beyond just file encryption and system lockdowns. A growing number of cybercriminals are now engaging in data extortion, a tactic in which stolen data is used as leverage. Hackers threaten to either sell or publicly release the stolen information, posing long-term reputational and operational risks to the affected organizations. The threat becomes even more significant if the targeted company is in the midst of a merger or acquisition, where any negative publicity or perceived instability can derail negotiations or reduce valuation.
A recent survey by Delinea, a Santa Clara-based cybersecurity firm specializing in identity and access management, has highlighted a new and disturbing trend within this evolving threat landscape.
According to Delinea’s security researchers, one in four companies that were hit by ransomware and opted to pay the ransom did not receive their entire data set back. Portions of the stolen data were either withheld, lost, or possibly already shared elsewhere, indicating that ransom payments do not guarantee full data recovery.
Moreover, 85% of organizations that had their data stolen reported being explicitly threatened with exposure or sale of that data. These threats often come with the condition of paying a ransom in cryptocurrency, further complicating the traceability and enforcement of such crimes.
This underscores a harsh reality: paying the ransom does not assure safety or closure. In fact, it may open the door to further exploitation. Attackers may return, claiming they still possess unreleased data and demanding additional payments to prevent future leaks or resale. This tactic is often referred to as a “double extortion” scheme.
If the stolen data eventually surfaces on data leak forums, it can attract interest from other malicious actors. Some may use it to launch phishing campaigns or social engineering attacks, while others might aggregate and repackage the data into formats like Excel files, turning it into a commercial product for sale to third parties.
For the victimized company, the consequences are severe. Beyond the technical and operational setbacks, there’s also the risk of regulatory penalties, especially under data protection laws like GDPR or CCPA. The breach may also draw scrutiny from investors, customers, and business partners, who may question the company’s ability to safeguard sensitive information.
In conclusion, the Delinea report makes it clear: ransomware is no longer just about encryption—it’s about leverage. Companies must adopt stronger cyber hygiene practices, invest in incident response plans, and prepare for the growing threat of multi-layered extortion that extends far beyond the initial attack.
Join our LinkedIn group Information Security Community!
