Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Fortra: Modern Ransomware Is Really Data Extortion

Fortra
07/05/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


An end user accepts cookies on a free website, exchanging their data to access the content. Organizations collect personal information on their customers to support immediate sales, but also to find future deals or to inform product development. And in the AI arms race, models succeed or fail based on the volume and quality of data they are trained on. So what happens when you lose that data? Data that is protected by laws and compliance frameworks, data that can be used to further fraud or cyber attacks on users, data that gives organizations a competitive edge. This global data has exploded, reaching unprecedented zettabytes, zettabytes that are spread across SaaS platforms, cloud stores, on-premise databases, geolocations and jurisdictions. And the explosion of data and significance of data has not gone unnoticed by threat actors. Ransomware used to be more about losing access to your systems, but today it's more about losing ownership of the data and dealing with the fallout, unless you pay the extortion demand. Yet when you pay the ransomware Hydra, you might have chopped off the head threatening your organization, only for the beast to grow three more heads when the funds are reinvested into the criminal operations. Furthermore, how can you be sure that the criminals will honor their word, return the data and not come after a second extortion payment? But a data breach is not limited to malicious exfiltration. It can be publicly exposed data in a database or an accidental email from an employee on a stressful day. But even these data breaches have consequences from specific compliance fines to almost unquantifiable reputational damage. Today on the Art of Security, we're getting an exciting perspective on data breaches. Tyler and I will be comparing our security practitioner notes with Brent Arnold, a legal expert, litigator and data breach coach to lift the lid on what happens after a data breach occurs.

TL;DR

  • Modern ransomware has evolved from locking systems to stealing and extorting data, making data ownership the primary risk rather than operational downtime.
  • Paying ransom demands may fund further criminal operations — the 'Hydra' effect — and offers no guarantee that stolen data will be returned or not re-exploited.
  • Data breaches extend beyond malicious attacks to include accidental exposures, each carrying serious compliance penalties and reputational damage that are difficult to quantify.

Summary

This short-form clip from Fortra's Art of Security series reframes how security practitioners should think about ransomware. The central argument is that modern ransomware attacks have fundamentally shifted from disrupting system access to targeting data ownership — making extortion, not encryption, the primary threat. The clip opens by establishing data's growing value across commercial, regulatory, and AI contexts, noting that global data volumes have reached unprecedented zettabytes spread across SaaS platforms, cloud stores, on-premise databases, and multiple jurisdictions. Threat actors have taken notice. Paying a ransom is framed as feeding a 'Hydra' — eliminating one threat only to fund the criminal infrastructure that spawns more. The clip also broadens the breach definition beyond malicious exfiltration to include accidental exposure events, such as misconfigured databases or misdirected emails, each carrying compliance fines and reputational consequences. The segment teases a full episode featuring Brent Arnold, a legal expert, litigator, and data breach coach, who joins security practitioners to examine what actually happens in the aftermath of a breach — the legal, regulatory, and operational fallout that most security teams are unprepared to navigate.

Chapters

0:00 - Why Data Has Value
0:21 - Consequences of Data Loss
0:52 - Ransomware as Extortion
1:21 - Accidental Breaches & Legal Fallout

Key Quotes

0:52 "Ransomware used to be more about losing access to your systems, but today it's more about losing ownership of the data and dealing with the fallout, unless you pay the extortion demand."
1:03 "When you pay the ransomware Hydra, you might have chopped off the head threatening your organization, only for the beast to grow three more heads when the funds are reinvested into the criminal operations."
1:13 "How can you be sure that the criminals will honor their word, return the data and not come after a second extortion payment? ..."
1:31 "Even these data breaches have consequences from specific compliance fines to almost unquantifiable reputational damage."

FAQ

Why is paying a ransomware demand considered risky?

Paying a ransom may eliminate the immediate threat but funds the criminal operation behind it, potentially enabling further attacks. There is also no guarantee that criminals will return the stolen data or refrain from demanding a second payment.

Are data breaches only caused by malicious hackers?

No. The clip explicitly notes that breaches also result from accidental exposures — such as publicly accessible databases or misdirected employee emails — which still carry compliance fines and significant reputational damage.


Categories:
  • » Data Protection » Backup & Recovery
  • » Cybersecurity » Data Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Threat Intelligence
  • Data Protection
  • Security Operations
  • Compliance & Governance
  • short_form
  • Ransomware evolution
  • Data extortion
  • Data breach consequences
  • Compliance and regulatory risk
  • Reputational damage
  • Cybercriminal economics
  • Data governance
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Fortra: Modern Ransomware Is Really Data Extortion

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version