Covewareβs report concludes that pure data-exfiltration extortion is no longer widely profitable, prompting many ransomware groups to return to encryption or seek other ways to monetize network access. Despite low overall payment rates after breaches like MOVEit and Cleo, average ransom settlements rose due to isolated high-impact incidents, and attackers such as Cl0p remain active. #Cl0p #MOVEit
Keypoints
- Data-exfiltration-only extortion has declined in profitability, reducing victim willingness to pay.
- Cl0p pioneered the tactic by exploiting zero-days in enterprise file transfer products to mass-exfiltrate data.
- Payment rates fell sharply (under 2.5% for MOVEit), while average settlements spiked due to a few high-impact cases.
- Ransomware groups are expected to return to encryption, downsize operations, and seek alternative monetization methods.
- Professional services, healthcare, and technology were top targets as organizations improved resilience and response capabilities.