Ransomware groups adopt parasitic residency tactics as encryption declines in favor of data theft and stealth
Ransomware groups are abandoning loud encryption for "parasitic" silent residency and data theft, using trusted services like OpenAI to hide their traffic.
By: AXL Media
Published: Mar 3, 2026, 3:34 AM EST
Source: The information in this article was sourced from CSO Online
Shift from Predatory to Parasitic Tactics
Cybersecurity researchers have identified a fundamental shift in the tradecraft of ransomware groups, moving away from loud, disruptive encryption toward quiet, long term persistence. According to the Picus Security red teaming report, four out of five common attack techniques are now designed specifically to avoid detection once initial access is gained. This "parasitic" approach allows attackers to maintain residency within a network for extended periods, exfiltrating data silently rather than immediately triggering alarms through file encryption.
Abuse of Trusted Enterprise Services
To further evade modern security defenses, ransomware operators are increasingly routing command and control traffic through legitimate enterprise platforms. By using services such as OpenAI and AWS, attackers ensure that their malicious communications blend in with normal business traffic. This strategy makes it significantly harder for security teams to identify anomalies, as the adversarial actions closely resemble the standard operations of modern, cloud integrated businesses.
Decline in Encryption and Rise of Data Theft
The traditional ransomware model of locking users out of their systems is being replaced by double and triple extortion strategies centered on data exfiltration. Picus reports a 38% decline in the use of encryption over the past 12 months. Attackers have found that the threat of public exposure of sensitive corporate information is often a more effective mechanism for extortion than system disruption. However, while encryption may be decreasing, overall ransomware activity remains high, with some vendors reporting a 40% increase in publicly reported victims.
Categories
Topics
Related Coverage
- The Chain of Vulnerability: How Geopolitics and AI-Driven Inequity Are Rewriting the Rules of Cybersecurity Risk
- Breakthrough Chaos Theory Encryption Turns Individual NHS Medical Scans Into Unhackable Fortresses Against Ransomware Attacks
- Cybersecurity Researchers Set New Standards for Malware Sandbox Analysis to Boost Threat Intelligence Efficiency
- Apple Set to Launch iOS 26.5 Featuring Encrypted RCS Messaging and New Annual Subscription Models