The ransomware economy is shifting toward straight-up data extortion | CyberScoop<\/title> <meta name=\"description\" content=\"Google\u2019s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/google-threat-intelligence-group-ransomware-report-2026\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"The ransomware economy is shifting toward straight-up data extortion\"> <meta property=\"og:description\" content=\"Google\u2019s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/google-threat-intelligence-group-ransomware-report-2026\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-16T10:00:00+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1773167249g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88219\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88219\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgoogle-threat-intelligence-group-ransomware-report-2026%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgoogle-threat-intelligence-group-ransomware-report-2026%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88219 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/google-threat-intelligence-group-ransomware-report-2026\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.311659192825\">\n<div class=\"single-article__header-content\" readability=\"34.329466357309\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/google-threat-intelligence-group-ransomware-report-2026\/\"> <span>Ransomware<\/span> <\/a> <\/li>\n<\/ul>\n<p> Google\u2019s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88219\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg 2309w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-2.jpg?resize=1498,843 1498w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"83.912061436531\"><body readability=\"170\"><\/p>\n<p>Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially-motivated attackers lean exclusively on data theft for extortion.<\/p>\n<p>Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware when attackers encrypt systems, but momentum is moving in that direction, Genevieve Stark, head of cybercrime intelligence at Google Threat Intelligence Group, told CyberScoop.<\/p>\n<p>\u201cWhen you look at the actors in the English-speaking underground, those actors are almost all just focusing on data-theft extortion right now,\u201d Stark added. This includes groups like Scattered Spider, ShinyHunters, Clop and other groups that have been responsible for some of the largest and farthest-reaching attacks over the past few years.<\/p>\n<p>Google Threat Intelligence Group\u2019s research report on ransomware, which it shared exclusively and discussed with CyberScoop prior to release, underscores how the evolution and spread of cybercrime can cloud a collective understanding of ransomware, or attacks that use malware to encrypt or lock systems. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ransomware attacks also often include data theft as an additional pressure point for extortion \u2014 occurring in 77% of ransomware intrusions Google observed last year, up from 57% in 2024 \u2014 but it\u2019s not technically ransomware unless encryption is involved. <\/p>\n<p>\u201cIn intrusions investigated by Mandiant, we observed a decline in traditional ransomware deployment coinciding with a rise in data-theft extortion,\u201d researchers said in the report. \u201cFurther, some ransomware-as-a-service programs are providing data-theft-extortion-only options in addition to ransomware, which may reflect demand from their customer base.\u201d<\/p>\n<p>The company declined to say how many ransomware attacks it responded to in 2025. \u201cWe hesitate sharing the number of cases that we work on, in terms of a quantitative number, because it\u2019s so difficult for everybody to agree on what constitutes one incident versus two,\u201d said Chris Linklater, practice leader at Mandiant. \u201cAnecdotally, we\u2019re staying very busy.\u201d<\/p>\n<p>Stark acknowledged that significant challenges prevent the industry from developing a clear, comprehensive picture of ransomware\u2019s true scale and impact. Insight is largely confined to what individual incident response firms see in their own cases, and what information is shared is typically provided case by case rather in a centralized way.<\/p>\n<p>\u201cWe\u2019re not doing a great job as an industry in looking at the volume. I think that we\u2019re overly dependent on things like the volume of data-leak sites, which have a lot of problems,\u201d she said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The increase in data extortion is likely driving an increase in these posts. At the same time, some threat clusters are making non-credible claims or recycling previous breaches and claiming them as their own work. \u201cData-leak sites as a measure is actually pretty poor, and I think that as an industry we\u2019ve over relied on that,\u201d Stark said.<\/p>\n<p>Yet, the data is still useful for gauging certain trends, such as shifts in targeting or an increase in alleged attacks on specific sectors or regions, researchers said.<\/p>\n<p>For what it\u2019s worth, Google said the amount of posts on data leak sites jumped 48% from the year prior to 7,784 posts in 2025. Meanwhile, the number of unique data leak sites climbed almost 35% over the same period to 128 sites with at least one post.<\/p>\n<p>Google\u2019s report also focuses on the tactics and shifts it observed during its response to ransomware attacks last year, including the most common ways attackers broke into systems, the most prominent ransomware families and increased targeting of virtualization infrastructure.<\/p>\n<p>Exploited vulnerabilities was the top initial access vector in ransomware attacks last year, accounting for a third of all incidents, followed by various forms of web compromise and stolen credentials. Attackers most commonly exploited vulnerabilities in widely used virtual private networks and firewalls from Fortinet, SonicWall, Palo Alto Networks and Citrix, researchers said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Zach Riddle, principal threat intelligence analyst at GTIG, said this doesn\u2019t reflect a growing trend as much as a recurring cycle of different initial access vectors, which rise and fall year to year for various reasons.<\/p>\n<p>Google specifically called out 13 vulnerabilities, many disclosed years ago, ranking those defects among the top exploited vulnerabilities for ransomware attacks last year. Three of those vulnerabilities affect Fortinet products, followed by two from Microsoft, two from Veritas, and one each from SonicWall, Citrix, SAP, Palo Alto Networks, CrushFTP and Zoho.<\/p>\n<p>Stolen credentials were the initial access point in 21% of ransomware intrusions last year, and attackers often used those credentials to authenticate to a victim\u2019s VPN or Remote Desktop Protocol login, Google said in the report.<\/p>\n<p>Attackers are also confronting more challenges in deploying ransomware once they break into victim networks. \u201cWe\u2019re actually seeing a decrease in successful ransomware deployment,\u201d said Bavi Sadayappan, senior threat intelligence analyst at GTIG. Google observed a year-over-year decline from 54% in 2024 to 36% last year.<\/p>\n<p>Another landmark change reflected in ransomware activity in 2025 involves increased targeting of virtualization infrastructure, such as VMware ESXi hypervisors. Attackers targeted these environments in 43% of ransomware intrusions last year, up from 29% in 2024.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIt lets the attacker hit a huge number of systems with a very small amount of effort,\u201d Linklater said, adding that \u201cit makes the investigation significantly harder to accomplish, because a lot more of the forensic evidence is lost when those hypervisors are attacked.\u201d<\/p>\n<p>The most prominent ransomware families in 2025 included Agenda, Redbike, Clop, Playcrypt, Safepay, Inc, RansomHub and Fireflame, according to Google. The most active ransomware brands last year included Qilin, Akira, Clop, Play, Safepay, Inc, Lynx, RansomHub, DragonForce and Sinobi.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7064315352697\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/google-threat-intelligence-group-ransomware-report-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ransomware economy is shifting toward straight-up data extortion |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,895,323,387,3729,646,46,256],"tags":[286,86,902,327,391,3731,650,54,262],"class_list":["post-8433","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-data-theft","category-extortion","category-google","category-google-threat-intelligence-group","category-mandiant","category-ransomware","category-research","tag-cybercrime","tag-cybersecurity","tag-data-theft","tag-extortion","tag-google","tag-google-threat-intelligence-group","tag-mandiant","tag-ransomware","tag-research"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-theft\/\" rel=\"category tag\">Data theft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a>","tag_info":"Research","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8433"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8433\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8433,"date":"2026-03-16T05:00:00","date_gmt":"2026-03-16T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88219"},"modified":"2026-03-16T05:00:00","modified_gmt":"2026-03-16T10:00:00","slug":"the-ransomware-economy-is-shifting-toward-straight-up-data-extortion","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/16\/the-ransomware-economy-is-shifting-toward-straight-up-data-extortion\/","title":{"rendered":"The ransomware economy is shifting toward straight-up data extortion"},"content":{"rendered":"