THE article "Out of the Crypt: The Evolving Cyber Extortion Economy" discusses the shift in cyber extortion tactics due to advancements in data recovery and compliance pressure, leading criminals to move away from ransomware towards pure data theft without encryption. Key points include:
1. **Decrease in Ransomware**: Only 78% of extortion cases used encryption in 2025, down from over 90% from 2021-2024.
2. **Increased Data Theft**: Notable growth in data-exfiltration-only campaigns, particularly targeting mid-sized organizations in sectors like Professional Services and Healthcare.
3. **Regulatory Influence**: Compliance frameworks like GDPR and SEC’s disclosure requirements now play a significant role in extortion, pushing companies to pay extortion demands swiftly to avoid severe penalties.
4. **Emerging Techniques**: Attackers are adopting innovative methods to gain access and exert pressure on victims, including software supply chain compromises and vishing (voice phishing).
5. **AI Implications**: The use of frontier AI models is anticipated to accelerate attacks, necessitating proactive defense measures.
6. **Defensive Recommendations**: Strategies include implementing data loss prevention controls, auditing SaaS security, enhancing identity verification methods, and maintaining supply chain integrity.