[gregwebs]

There is a difference for the business though – although the data may be exposed, the business may still be able to maintain continuity. I believe it is the lack of business continuity that has made ransomware so powerful – when a business can no longer function it will do anything to get that back. If the business could continue to operate they would be in a much better position to refuse to pay the ransom. If all businesses refused to pay the ransoms, ransomware would stop.

Obviously it’s still really bad if sensitive information is exposed. But also consider that some of the information essential for business continuity would be less sensitive in a public exposure scenario.

So in some cases it is just as effective, but in many cases it is not. As I understand it, most ransomware providers still attempt both encryption and exfiltration. Exfiltration is now standard not because it is easier but because more companies are able to restore operations from backup.