Report: Data extortion attacks on the rise

CyberScoop reports that cyber incidents involving data extortion have grown significantly, rising from 2% of incidents in 2020 to over 15% of incidents in 2025.

While intrusions involving ransomware deployment slightly declined over the past year, numerous ransomware operations continue to incorporate data theft as an added pressure tactic, according to research from Google Threat Intelligence Group. Attackers often gain entry by exploiting known vulnerabilities, followed by web compromises and stolen credentials. Common targets include enterprise security systems from Palo Alto Networks, Fortinet, SonicWall, and Citrix. While encryption-based ransomware is still common, more financially driven attackers are choosing data theft alone as their method of coercion.

Groups such as Scattered Spider, Clop, and ShinyHunters are among those heavily involved in this type of activity and have carried out major attacks in recent years. Additional findings showed that activity on data leak sites has also surged, though such platforms are considered unreliable indicators. Attackers are also increasingly targeting virtualized environments, enabling broader impact while complicating investigations.