IN 2026, ransomware gangs are shifting from traditional encryption strategies to pure extortion by stealing sensitive data and threatening to leak it instead of encrypting systems. This change is driven by the risks and inefficiencies associated with encryption, making data theft a quieter and often more profitable approach. Ransom payment rates have significantly dropped from 76% in 2019 to 28% in 2026, as companies now face pressure to pay to avoid reputational damage rather than just to restore operations.
The focus is also on valuable privatized data on leak sites, which have become marketplaces for stolen information. Attackers are employing techniques to disable endpoint detection systems, and the operational timelines for attacks have shrunk, prompting a reevaluation of defense strategies towards data exfiltration detection and monitoring.