A nationwide rise in ransomware attacks that increasingly involve the theft of data on top of the locking out of systems owners means more regulatory and legal headaches for affected companies.
Exfiltrated data taken in what are known as double-extortion attacks can trigger breach reporting requirements and other types of disclosures. Such disclosures boost the chances a company would be subject to regulatory scrutiny and consumer-led litigation.
The uptick in ransomware comes amid a surge in cyberattacks, with nation-state actors targeting companies such as