GOOD news for downstream victims: the mass data extortion campaigns are losing their bite, with fewer victims paying after breaches, according to Coveware. The analysis notes that paying for data suppression does not remove legal or regulatory obligations, does not meaningfully reduce litigation risk, and does not prevent threat actors from retaining, leaking, or re-extorting data months or years later.
It also highlights how other groups, including Snowflake-related breaches in 2024 and CRM-focused attacks in 2025 attributed mainly to Shiny Hunters, saw extortion payments remain the exception rather than the rule. The piece also cites that one 2023 campaign may have netted as much as $100 million, a figure linked via BankInfoSecurity, and references advice from Unit 221B about how to respond to or engage with threat actors.
DataBreaches notes that paying or engaging may escalate threats, and emphasises that victims should carefully consider their knowns about the attack, back-ups, and whether to involve law enforcement and incident responders before taking any action. According to Coveware.