INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Data Theft Extortion Only Attacks

| 2026-06-11 10:20 HIGH LOW
JSON
Executive Summary AI-generated
The threat landscape is shifting, with a growing number of organizations falling victim to extortion-only attacks. Data theft has become the dominant form of ransomware claims, accounting for 87% of all such incidents. This trend suggests that prevention is key, and stopping exfiltration before it occurs is crucial in protecting against these types of threats. Organizations must prioritize data loss prevention technology and deploy zero-trust architectures to limit the blast radius of identity compromise. Developing a "decision framework" and engaging legal counsel can also help prepare for ransom decisions. Protecting insurance policy information by storing documents outside the primary network and monitoring for unauthorized access or exfiltration is essential, as this type of data can provide attackers with leverage. Finally, organizations must track their long-term financial impact to build a more complete picture of the true cost of paying and refusing to pay, making it easier to make informed decisions when faced with extortion demands.
Technical Mitigations AI-generated
• Prioritize data loss prevention technology that intercepts exfiltration before it occurs, and deploy zero trust architectures to limit the blast radius of identity compromise. • Develop a “decision framework” and engage legal counsel, an incident response retainer, and a clear chain of authority for payment decisions. • Protect insurance policy information by storing these documents outside the primary network where possible and monitoring for unauthorized access or exfiltration.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation CentreOperation Centre
Target & Sectors
Global Scope legallegal technologytechnology
Incident Timeline
‎the second half of 2025
Extortion attacks involving data theft gained prominence, with 65% of extortion-related claims handled by Insurer Resilience in the second half of 2025.
tactic Extortion
Insurer Resilience said in a new report that 65% of extortion-related claims it handled in the second half of 2025 did not involve data encryption.
organisation Insurer Resilience
Insurer Resilience said in a new report that 65% of extortion-related claims it handled in the second half of 2025 did not involve data encryption.
general_metric 65 %
Insurer Resilience said in a new report that 65% of extortion-related claims it handled in the second half of 2025 did not involve data encryption.
‎the end of 2025
Ransomware attacks increased, with data theft dominating extortion-only claims.
tactic Ransomware
By the end of 2025, only 13% of attacks relied on encryption alone, while data theft – on its own or combined with encryption – accounted for 87% of ransomware claims, it noted.
general_metric 13 %
By the end of 2025, only 13% of attacks relied on encryption alone, while data theft – on its own or combined with encryption – accounted for 87% of ransomware claims, it noted.
general_metric 87 %
By the end of 2025, only 13% of attacks relied on encryption alone, while data theft – on its own or combined with encryption – accounted for 87% of ransomware claims, it noted.
‎2026/06/11
Threat actors used stolen data to extort ransom from organizations in most attacks, with extortion-only attacks increasing and data theft dominating the number of ransomware claims.
‎2026/06/11
Threat actors used extortion demands to target organizations, with data theft dominating ransomware claims.
organisation Resilience
Nick Harris, CISO at UK cyber-insurance specialist Assured, told Infosecurity that the firm’s claims data reflects broadly the same trends as Resilience is seeing.
organisation Prepare
Shift from recovery to prevention: Prioritize data loss prevention technology that intercepts exfiltration before it occurs, and deploy zero trust architectures to limit the blast radius of identity compromise Prepare for the ransom decision: Develop a “decision framework” and engage legal counsel, an incident response retainer, and a clear chain of authority for payment decisions Protect insurance policy information: Store these documents outside the primary network where possible and monitor for unauthorized access or exfiltration, as the information contained within can give attackers leverage Test preparedness: Use tabletop exercises and breach simulations to test “extortion-specific decision points” including the ransom payment question.
Amid this surge in extortion attempts, Resilience recommended the following ways for organizations to reduce risk exposure: Shift from recovery to prevention: Prioritize data loss prevention technology that intercepts exfiltration before it occurs, and deploy zero trust architectures to limit the blast radius of identity compromise Prepare for the ransom decision: Develop a “decision framework” and engage legal counsel, an incident response retainer, and a clear chain of authority for payment decisions Protect insurance policy information: Store these documents outside the primary network where possible and monitor for unauthorized access or exfiltration, as the information contained within can give attackers leverage Test preparedness: Use tabletop exercises and breach simulations to test “extortion-specific decision points” including the ransom payment question.
organisation Data Theft Dominating Ransomware
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims.
organisation Reducing Risk Exposure
Reducing Risk Exposure A report from January claimed that there were almost 1500 incidents in 2025 that relied on data theft alone for extortion attacks, versus just 28 the year before.
organisation the Resilience Risk Operation Centre
"Paying a ransom is no longer a straightforward recovery decision,” report author and director of the Resilience Risk Operation Centre, Jud Dressler, told Infosecurity .
Intelligence Sources
Infosecurity-Magazine 2026-06-11
Infosecurity-Magazine 2026-06-11