Data-only extortion attacks increased elevenfold between November 2024 and November 2025, representing a measurable shift in cyber extortion activity documented in recent threat reporting.
Report Findings
Arctic Wolf released a 2026 threat report identifying a substantial rise in data-only extortion incidents during the most recent reporting period. The report found that data-only extortion incidents accounted for 22 percent of incident response engagements between November 2024 and November 2025.
In the prior reporting cycle, data-only extortion incidents accounted for 2 percent of incident response cases. The change from 2 percent to 22 percent reflects an elevenfold increase in reported data-only extortion activity.
Nature of Data-Only Extortion
Data-only extortion differs from traditional ransomware attacks in that threat actors focus on exfiltrating sensitive data and threatening to publish or sell the information rather than encrypting systems. The reporting describes this shift as a change in threat actor tactics, with attackers relying on data theft and extortion demands without deploying encryption mechanisms commonly associated with ransomware campaigns.
Arctic Wolf also attributes the rise of data-only extortion attacks to organizations being better prepared for, and better able to recover from, traditional ransomware attacks that rely on encryption. For the healthcare industry, this likely means that HIPAA enforcement is working to push covered entities to be ready to prevent and respond to cyberattacks.
Continued Ransomware Activity
The report also confirmed that ransomware remains a dominant threat category. Ransomware, business email compromise, and data-related incidents collectively accounted for more than 90 percent of recorded incident response cases in the reporting period. The concentration of these categories indicates that a limited number of attack types continue to represent the majority of response engagements handled by analysts.
Scope of the Analysis
The findings are based on analysis of hundreds of real-world incident response engagements and threat intelligence data collected over the past year.
The data reflects direct observations from response cases rather than survey responses or projections.
The report highlighted the elevenfold increase in data-only extortion attacks.
The coverage noted the statistical growth in data-only extortion incidents and the continued prominence of ransomware in incident response data.