{"id":4119,"date":"2026-01-15T15:52:06","date_gmt":"2026-01-15T15:52:06","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/01\/15\/hackers-increasingly-shun-encryption-in-favour-of-pure-data-theft-and-extortion\/"},"modified":"2026-01-15T15:52:06","modified_gmt":"2026-01-15T15:52:06","slug":"hackers-increasingly-shun-encryption-in-favour-of-pure-data-theft-and-extortion","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/01\/15\/hackers-increasingly-shun-encryption-in-favour-of-pure-data-theft-and-extortion\/","title":{"rendered":"Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion"},"content":{"rendered":"
\n

There has been a significant rise in ransomware campaigns which do not rely on encryption as cybercriminal extortion groups shift their operations.<\/p>\n

An increasing number of cybercriminals are relying on data theft alone to extort ransom payments out of victims, a new research paper by Symantec and Carbon Black has warned.<\/p>\n

\u201cExtortion-only attacks have grown immensely\u2026In these attacks, no ransomware is deployed, the attackers simply steal data from the victim\u2019s network and attempt to extort a ransom from victims by threatening to publish the stolen data,\u201d said the report.<\/p>\n

While the number of \u2018traditional\u2019 ransomware attacks has remained stable \u2013 according to Symantec, data from ransomware leak sites suggested a total of \u00a04737 ransomware \u00a0attacks during 2025, up 1% compared with 2024 \u2013 the number of encyptionless attacks has grown significantly.<\/p>\n

Analysis of data leak sites suggests that there were almost 1500 incidents that relied on data theft alone for extortion attacks in what\u2019s described as a \u201csignificant jump\u201d in cyber-criminal groups leveraging the tactic. The figure for 2024 was only 28.<\/p>\n

Encryptionless Ransomware Campaigns Exploit Supply Chain Weaknesses <\/strong><\/h3>\n

According to Symantec and Carbon Black, the most commonly deployed attack vectors in encryptionless ransomware campaigns are exploitation of unpatched zero-day vulnerabilities and leveraging weaknesses in the software supply chains.<\/p>\n

A prominent example of this during 2025 was a series of attacks by the ShinyHunters gang which hit companies around the world, including Allianz, Qantas and Google.<\/p>\n

ShinyHunters\u2019 campaigns specifically targeted Salesforce instances, using social engineering and voice phishing attacks to gain access to credentials for Salesforce portals and exploit this to move laterally across the network. They used this access to steal data of Salesforce users and threatened to publish it if the affected company didn\u2019t pay a ransom.<\/p>\n

Another cybercriminal gang increasingly engaging in extortion-only attacks is Scattered Spider, although the group still deployed regular ransomware attacks \u2013 as seen in incidents targeting Marks & Spencer and The Co-op last year.<\/p>\n

Researchers also noted that one zero-day vulnerability which was exploited to deploy encryptionless extortion campaigns included CVE-2025-61882, a vulnerability in Oracle E-Business Suites that allowed unauthenticated attackers to remotely execute code.<\/p>\n

These campaigns which favour data theft over deploying encryption-based ransomware are creating another cybersecurity challenge for organizations.<\/p>\n

\u201cWhile attacks involving encrypting ransomware remain as prevalent as ever and still pose a threat, the advent of new types of encryptionless attacks adds another degree of risk,\u201d said Symantec in the research paper.<\/p>\n

\u201cThis broadening of potential attack types presents new challenges for enterprises that not only have to maintain a robust security posture on their own networks but now also must put greater focus on the security of their software supply chain.\u201d<\/p>\n

It’s recommended that organizations take the appropriate actions to help avoid falling victim to encryptionless extortion attacks.<\/p>\n

\n

“Audit all software used by your organization and ensure all security updates are applied. Strong credential hygiene\u00a0is also really important. You need robust credentials\u00a0and MFA should be used routinely,”\u00a0<\/p>\n

Dick O\u2019Brien, principal intelligence analyst for the Symantec and Carbon Black Threat Hunter Team told Infosecurity<\/em>.\u00a0<\/p>\n

“Pay attention to your software supply chain, in particular third-party add-ons and extensions that may have access to enterprise applications,” he added.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

There has been a significant rise in ransomware campaigns which do not rely on encryption as cybercriminal extortion groups shift their operations. An increasing number of cybercriminals are relying on data theft alone to extort ransom payments out of victims, a new research paper by Symantec and Carbon Black has warned. \u201cExtortion-only attacks have grown<\/p>\n","protected":false},"author":2,"featured_media":4120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4119-64116545-3e2e-4033-9904-dba586bf08d1-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4119"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4119\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4120"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}