Almost half of ransomware victims have data stolen before they can even detect an intrusion
- ExtraHop’s Global Threat Landscape Report shows 49% of ransomware victims only detected attacks after data theft, up from 31% last year
- Average dwell time before detection is 2.5 weeks; attackers exploit encrypted channels, valid accounts, and alert fatigue to evade defenses
- Ransom payments fell from $3.6M to $2.8M, but payment frequency rose sharply, with 83% of surveyed victims paying in 2026 vs. 70% in 2025
Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever.
Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of organizations that were struck by ransomware did not detect the threat until after the data was stolen.
This is up from 31% a year ago, ExtraHop stressed, showing the...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE
