Ransomware: As Infostealers Bite, Prevention Beats Recovery

Cyber Insurance Claims Data Tracks Rise of Extortion Focused Only on Stolen Data Mathew J. Schwartz (euroinfosec) • February 27, 2026

Attackers are increasingly stealing data and holding it to ransom without encrypting files. They're doubling down on the use of credentials gathered by information-stealing malware and using phishing attacks for gaining initial access.

See Also: Experts Offer Insights from Theoretical to the Realities of AI-enabled Cybercrime

So says a new report from San Francisco-based cyber insurance firm Resilience, based on claims submitted by its policyholders.

Data from the hack attack victims shows that extortion remains widely practiced and increasingly popular. In the first half of 2025, 49% of the firm's policyholder's extortion claims tied to attacks that only involved data theft. By the second half of 2025, two-third of claims tied to such attacks.

While solid data on the size and success of the overall ...