In 2024, cybercriminals stole personal data almost twice as often as in the previous year. The Dutch data protection authority AP is concerned about a trend in which ransomware attacks are increasingly accompanied by data theft.
The AP counted at least 112 successful ransomware attacks in the Netherlands in 2024. What makes these attacks particularly dangerous is that hackers have adapted their tactics. They not only freeze computer systems, but also copy data sets before demanding a ransom.
This new pattern emerged because organizations are better prepared for cyberattacks. Many companies now back up their data, making them less vulnerable to system “freezing.” Cybercriminals are responding by copying data sets and threatening to sell or publish them online.
Financial consequences are mounting
The damage caused by ransomware attacks can be considerable. Research by the AP shows that organizations lose an average of more than €100,000 in the aftermath of such attacks. In extreme cases, the costs can even run into hundreds of thousands of euros. These expenses include the cost of hiring external cyber experts.
“Be extremely vigilant about your data, where you store it, and who you share it with,” warns AP director Katja Mur. According to her, criminals can use stolen personal data to send fake messages that are almost indistinguishable from the real thing to defraud people.
For individual victims, the consequences can be far-reaching. With a stolen phone number or email address, criminals can send credible phishing messages. A copy of a passport can be misused to place online orders or organize illegal activities under someone else’s name.
New revenue models for cybercriminals
The changing approach of hackers demonstrates their adaptability. Whereas in the past, the primary goal was to make systems inaccessible, data theft has now become an essential source of income. By copying data sets, criminals can maintain their revenue model, even if organizations are able to restore their systems from backups.
This development makes cyberattacks even more dangerous. Even organizations that can quickly resume operations from a technical standpoint remain vulnerable to blackmail and reputational damage due to the theft of sensitive data.
Tip: Even paying victims lose their data with Anubis ransomware