Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
Summary
Hide ▲
Show ▼
Encryptionless extortion surged in 2025 as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across enterprise environments. The trend matters because data theft became the main extortion lever, making attacks harder to notice when no encryption step is used. Research tied the pattern to almost 1500 incidents in 2025 versus 28 in 2024, showing the tactic has expanded sharply. The update also points to ShinyHunters activity against Salesforce instances, as well as exploitation of CVE-2025-61882 in Oracle E-Business Suites, unpatched zero-days, and software supply-chain weaknesses as examples of how access is being gained.
Related Happenings
Charter Communications hit by network compromise linked to ShinyHunters
Incident
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...
CoinbaseCartel escalates extortion activity with more than 100 victims
Threat Actor Meta
First: 18.05.2026 16:46
Last: 18.05.2026 16:46
Sources 1
About this happening:
**CoinbaseCartel** has expanded its extortion operation, publicly listing **more than 100 victims** on a **data leak portal**. The growth signals a more scalable criminal ecosyste...
CoinbaseCartel escalates extortion activity with more than 100 victims
Threat Actor MetaAbout this happening: **CoinbaseCartel** has expanded its extortion operation, publicly listing **more than 100 victims** on a **data leak portal**. The growth signals a more scalable criminal ecosyste...
Foxconn hit by ransomware attack
Incident
First: 13.05.2026 15:49
Last: 13.05.2026 15:49
Sources 1
About this happening:
**Foxconn** confirmed that **some North American factories** suffered a **cyberattack**, disrupting manufacturing operations and forcing a recovery effort to keep production and d...
Foxconn hit by ransomware attack
IncidentAbout this happening: **Foxconn** confirmed that **some North American factories** suffered a **cyberattack**, disrupting manufacturing operations and forcing a recovery effort to keep production and d...
ShinyHunters school-by-school extortion campaign targeting Canvas institutions
Campaign
First: 11.05.2026 13:05
Last: 11.05.2026 13:05
Sources 1
About this happening:
ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...
ShinyHunters school-by-school extortion campaign targeting Canvas institutions
CampaignAbout this happening: ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...
Instructure hit by cyberattack
Incident
First: 04.05.2026 01:16
Last: 04.05.2026 01:16
Sources 1
About this happening:
**Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...
Instructure hit by cyberattack
IncidentAbout this happening: **Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...
Latest development: 14.05.2026 23:19
The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.
Timeline
-
15.01.2026 17:45 4 articles · 4mo ago
Encryptionless extortion campaigns surge in 2025
Campaign Scope UpdateResearch from Symantec and Carbon Black describes a sharp rise in encryptionless extortion campaigns against enterprises in 2025, with attackers increasingly skipping ransomware encryption and instead stealing data, then threatening to publish it to force payment. Leak-site analysis places these incidents at almost 1500 in 2025 versus 28 in 2024, and the report highlights unpatched zero-day exploitation, software supply-chain weaknesses, ShinyHunters activity against Salesforce instances, and CVE-2025-61882 in Oracle E-Business Suites as examples of the tactic.
Show sources
- Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion — www.infosecurity-magazine.com — 15.01.2026 17:45
- Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion — www.infosecurity-magazine.com — 15.01.2026 17:45
- From Cipher to Fear: The psychology behind modern ransomware extortion — www.bleepingcomputer.com — 27.01.2026 17:02
- Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses — www.bleepingcomputer.com — 19.09.2025 17:01