As if businesses didn’t already have enough to be worried about this year, the rapid evolution of ransomware is yet another concern to be aware of.

Towards the end of 2019, cyber criminals began combining ransomware attacks with data theft attempts, blurring the line between what were once two distinct types of hacks. Now the disruption of a ransomware attack is merged with the long-term impacts of a data breach.

More and more frequently, criminals aren’t just encrypting data – they’re stealing and threatening to release it unless they are paid. These attacks are becoming common enough they’ve even been given a name: “exfiltration+encryption” attacks. The chance an organization will have its data stolen in a ransomware attack is greater than 1 in 10, based on records from ID Ransomware (

Even if a business is able to restore their data from backups, they are still at risk of having their information released to the public. And on top of business interruption costs, depending on the confidentiality requirements, the affected organization may be looking at a data breach and associated costs.

Companies that start remediating ransomware events without the help of experts may destroy evidence required to investigate the nature and scope of the event. This could lead to a significant increase in costs as breach reporting may be required for every customer/vendor in order to comply with government regulations.

Cyber criminals are often targeting organizations in the financial, healthcare, and legal sectors, as they will be most affected if their data is exposed, and are therefore more likely to pay the ransom in order to prevent exposure. However, not all criminals are looking for personal data. Stealing data that would do the most harm to an organization is the goal, whether it involves people or business information – aka. Trade Secrets. Consider how a company would be affected if its’ “secret sauce” was leaked.

Security firm Emsisoft ( expects these exfiltration+encryption attacks will become increasingly standard practice for cyber criminals, meaning that the risks and costs associated with ransomware incidents will only continue to rise. It is important to remember that all organizations are vulnerable to these threats: from large enterprises to small-and-medium sized business, no one is immune.

To learn more about cybersecurity risks, preventative measures, and Cyber Insurance, click here.