Data Exfiltration Attacks Are On the Rise. Here’s How to Protect Your Business

Ransomware attacks aren’t limited to thieves hacking your computer and locking you out. Now, bad actors are taking your data and making you buy it back. 

A report from cybersecurity firm BlackFog released Wednesday found that extortion by data exfiltration – when an attacker infiltrates a company’s infrastructure, steals the data and threatens to leak it – made up 94% of ransomware attacks in 2024. The trend has accelerated in the past several years, as it gives attackers multiple opportunities to blackmail enterprises, said Dr. Darren Williams, CEO of BlackFog.  

“The advantage of data exfiltration for them is that (data) is their currency, and then they can actually leverage it many times over,” said Williams. “It used to be that they spent all their time wrecking your computers or encrypting all the data – but they’ve found that the level of engineering required to actually do that is too much.” 

Certain sectors are more vulnerable than others. According to BlackFog’s report, the healthcare, government and education sectors accounted for 47% of ransomware attacks last year. The Change Healthcare breach in February 2024 was one of the largest ransomware attacks of the year, impacting more than 100 million people.

There are two main reasons for this: legacy infrastructure and valuable data. 

• These sectors are less likely to invest in or pay attention to cybersecurity and have aging digital infrastructure, making them “easy targets,” said Williams. “A lot of them are still running Windows 7.” 
• They also tend to have very high-value data that would cause devastating effects if leaked. These sectors store a “treasure trove” of personal, financial and health records, as well as classified information, he said. 

But just because those industries are most prone to attack doesn’t mean that everyone else is in the clear. Any organizations with aging infrastructure or a flimsy security strategy could be vulnerable. And many enterprises make the mistake of underestimating the value of their data, said Williams. “People seem to hide behind that, thinking, ‘We don’t have any data worth stealing.’”  

When ransomware and data exfiltration incidents do happen, many organizations are prone to sweeping them under the rug rather than coming clean, said Williams. In 2024, only 789 ransomware attacks were disclosed by the company affected, compared with 5,159 that were not. BlackFog’s report tracks both publicly disclosed and undisclosed incidents by continually scanning the dark web for ransomed data, he said.  

“The lesson from that we’ve learned over the last few years is it’s better just to get it out there,” Williams said. “If you don’t disclose it, it just gets worse – really, really quickly.” 

It’s no surprise that ransomware attacks are expensive, with the average data exfiltration attack costing $5.21 million. The costs are steeper than just the ransom check itself, Williams noted, with victims facing bills for recovery, mitigation techniques, and often regulatory fines and lawsuits. Plus, these attacks often cause long-lasting reputational damage. 

With the growing sophistication of AI in such attacks, Williams said, any enterprise can fall victim to ransomware. Protecting yourself involves two main factors: software and training. Investing in solid cybersecurity protection and infrastructure improvements could save your enterprise from a major headache in the long run. And since people are often the biggest security weakness at any business, training employees to be aware of scams and teaching them what not to click is a constant exercise. 

“Think of it like fire insurance,” said Williams. “I’m in California, I live in a fire-prone area, but some people say, ‘Oh it’s too expensive.’ But your house is worth so much as an asset. Insurance is less than 1% of the value of your house when you could lose the whole thing.”