The current trend in crypto-locking, or ransomware, is to steal the data before encrypting it, and then either auction it off to the highest bidder or use its disclosure as blackmail to get paid.
Related and in the news, the University of Utah paid their ransom, to the tune of $457,000, to avoid data disclosure.
You can read about it here if you want more info:
A quote from the article: “Because more organizations are now better prepared to recover from a ransomware attack by using backups to regain access to data that was encrypted, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.”
With this type of tactic, prevention is more important than ever, followed closely by detection. No longer can an IT department say, “We are protected because we have backups and can restore from them.” As a side note, the bad guys are in the network long before they encrypt everything, meaning that simply restoring from backups also restores their access.
Director of Security Services
Mainstream Technologies Inc.