Ransomware attacks aren’t limited to thieves hacking your computer and locking you out. Now, bad actors are taking your data and making you buy it back.

A report from cybersecurity firm BlackFog released Wednesday found that extortion by data exfiltration – when an attacker infiltrates a company’s infrastructure, steals the data and threatens to leak it – made up 94% of ransomware attacks in 2024. The trend has accelerated in the past several years, as it gives attackers multiple opportunities to blackmail enterprises, said Dr. Darren Williams, CEO of BlackFog.

“The advantage of data exfiltration for them is that (data) is their currency, and then they can actually leverage it many times over,” said Williams. “It used to be that they spent all their time wrecking your computers or encrypting all the data – but they’ve found that the level of engineering required to actually do that is too much.”

Certain sectors are more vulnerable than others. According to BlackFog’s report, the healthcare, government and education sectors accounted for 47% of ransomware attacks last year. The Change Healthcare breach in February 2024 was one of the largest ransomware attacks of the year, impacting more than 100 million people.

There are two main reasons for this: legacy infrastructure and valuable data.

• These sectors are less likely to invest in or pay attention to cybersecurity and have aging digital infrastructure, making them “easy targets,” said Williams. “A lot of them are still running Windows 7.” 
• They also tend to have very high-value data that would cause devastating effects if leaked. These sectors store a “treasure trove” of personal, financial and health records, as well as classified information, he said. 

But just because those industries are most prone to attack doesn’t mean that everyone else is in the clear. Any organizations with aging infrastructure or a flimsy security strategy could be vulnerable. And many enterprises make the mistake of underestimating the value of their data, said Williams. “People seem to hide behind that, thinking, ‘We don’t have any data worth stealing.’”

When ransomware and data exfiltration incidents do happen, many organizations are prone to sweeping them under the rug rather than coming clean, said Williams. In 2024, only 789 ransomware attacks were disclosed by the company affected, compared with 5,159 that were not. BlackFog’s report tracks both publicly disclosed and undisclosed incidents by continually scanning the dark web for ransomed data, he said.

“The lesson from that we’ve learned over the last few years is it’s better just to get it out there,” Williams said. “If you don’t disclose it, it just gets worse – really, really quickly.”

It’s no surprise that ransomware attacks are expensive, with the average data exfiltration attack costing $5.21 million. The costs are steeper than just the ransom check itself, Williams noted, with victims facing bills for recovery, mitigation techniques, and often regulatory fines and lawsuits. Plus, these attacks often cause long-lasting reputational damage.

With the growing sophistication of AI in such attacks, Williams said, any enterprise can fall victim to ransomware. Protecting yourself involves two main factors: software and training. Investing in solid cybersecurity protection and infrastructure improvements could save your enterprise from a major headache in the long run. And since people are often the biggest security weakness at any business, training employees to be aware of scams and teaching them what not to click is a constant exercise.

“Think of it like fire insurance,” said Williams. “I’m in California, I live in a fire-prone area, but some people say, ‘Oh it’s too expensive.’ But your house is worth so much as an asset. Insurance is less than 1% of the value of your house when you could lose the whole thing.”

Nvidia has long been the darling of the tech industry. Can it keep up its hot streak?

The chip giant beat analysts expectations on Wednesday after reporting a 78% surge in revenue for the fourth quarter, reaching $39.3 billion, and an 114% jump for the full fiscal year to $130.5 billion. Its quarterly data center revenue alone reached $35.6 billion, up 93% year over year.

Ido Caspi, research analyst at Global X ETFs, said he expects Nvidia’s growth to continue, though the rate of expansion may decelerate as the company’s rapid expansion continues and estimates adjust.

“Although revenue growth has decelerated, Nvidia’s 78% year-over-year increase remains impressive given its scale, underscoring strong demand for AI infrastructure,” said Caspi. “This robust performance should similarly alleviate investor concerns about potential slowdowns from emerging competitors like DeepSeek.”

Nvidia’s earnings add yet another quarter to its astronomical winning streak over the past few years. While a few instances, such as DeepSeek’s initial introduction to the market, have knocked its share price down, “it just recoups that value within a couple of weeks, and then it’s backed up to all-time highs again,” said Brian Jackson, principal research director at Info-Tech Research Group.

If the current trajectory of the AI market continues, it’s not likely that Nvidia will be dethroned from its position. With practically every big tech firm “contending to become the dominant player in this space,” said Jackson, “competition is good for spending and investment.”

The only thing that may get in the way is if adoption starts to lag, said Jackson. If the enterprises and users of these massive AI models start to question whether or not they’re getting enough bang for their buck, that could create a domino effect that impacts Nvidia as it would other tech giants.

“There is this line of discussion with AI in the enterprise space about, ‘will (AI) really deliver the return on investment that everybody is saying it will, and why haven’t we seen it yet?” said Jackson. “That could change things. But right now, all indicators show that it’s getting bigger and there’s going to be more building.”

Still, return on investment can be a tricky thing, said Jackson. Actually harnessing the usefulness of AI is about more than just giving your workforce access to productivity tools. It requires CIOs and other leaders to “rethink everything your business does,” Jackson said.

“It’s not an easy path, and it requires a lot of work, and so it’s no wonder why we haven’t seen every organization figure it out,” he added.

Oracle may be looking for a way to spot mistakes before they cause security problems.

The company is seeking to patent a system for “code vulnerability detection and validation” that aims to weed out and fix vulnerable bits of code in software.

Oracle’s system keeps a record of known vulnerable code sections, then modifies them by integrating patches. The system then cross-references the list of known vulnerabilities with software components, and pinpoints when bits of vulnerable code show up across different versions.

Oracle noted that the tech could help track down vulnerabilities when working on a large software project and pulling from a code library. “Vulnerabilities may be discovered in the software component months or even years after users … have integrated the software component into their software projects,” Oracle said in a US Patent and Trademark Office filing.

The system could also be helpful as generative AI quickly changes the software development landscape. More than ever, enterprises and developers are relying on code generation tools to assist in rapidly developing code and software. Deloitte predicts that the productivity gain by US developers adopting code generation tools could be worth up to $12 billion annually.

Major tech companies introduced their own code generation tools in the past year, including Microsoft, Amazon, IBM and Google. Some tech giants are using them internally, too, with Google CEO Sundar Pichai saying last year that 25% of the code for the company’s new projects is AI-generated.

But while AI is fast, it’s not infallible. Generative models have the tendency to hallucinate and supply incorrect answers, as well as exhibit data security issues when prompted in certain ways. Over-reliance on these tools can lead to mistakes that have domino effects in broader security, and with the rise in adoption of them, a system like Oracle’s that automatically detects and fixes code slip-ups could provide valuable protection.