As more and more enterprises back up their data to protect it from being encrypted (and thereby made inaccessible) by ransomware attacks, criminals are now moving to steal the data first before they encrypt it. If the target does not pay up, the attacker releases sensitive data. “Threat actors are now shifting to the method of exfiltrating (stealing) the business’s data prior to the ransomware attack in order to ensure that they are paid the demanded ransom. The business may have a viable backup, but their intellectual property, confidential business data, client information and PII (personal identifiable information) or ePHI (electronic protected health information) has been stolen.”
Source: How to protect businesses against the threat of ransomware attacks and the role of cyber insurance