This does make some sense. The arms race will continue.
“With the rise of additional mitigation and recovery options that help organizations avoid paying the ransom, the next stage is to force payment, and it would be easy for the actor to post a number of example files to Pastebin,” perhaps initially in an encrypted format, while threatening to post a decryption key, Stubley tells ISMG.
So as organizations get better at making sure they have good backups of their data, and plans to restore those backups as quickly as possible after a ransomware attack, simply encrypting the data gets less lucrative. The next logical step is to go ahead and steal the data and threaten to leak it.
It’s not as easy to do, but if that’s where the money is headed, that’s where the illegal activity will move.
It’s also not quite as easy to overcome once you’re in this situation, and it moves all of the focus onto not getting infected in the first place, which is also harder to do.
Be careful out there….