Why pure extortion is replacing traditional ransomware

The report describes a 2026 industry-wide shift from encryption-focused ransomware to "pure extortion" attacks that prioritize fast, quiet data theft and monetization via leak sites and resale; it cites large-scale incidents (ShinyHunters and Nitrogen/Foxconn), notes adoption of EDR-killer tactics (e.g., BYOVD), and urges defenders to focus on exfiltration detection, outbound traffic monitoring, DLP, cloud-storage abuse detection, and rapid disclosure readiness.