The move by attackers to try and steal data is one of the surging trends in ransomware. It can be done automatically by malware, or by hackers who have specifically targeted a network through several different means. Sadly, this has become the criminal norm and targeted hacks, often aimed at SMBs, governments, healthcare, transport and industry networks, are common. Criminals running campaigns using Maze ransomware, often attempt to steal data before deploying malicious encryption gives them two ways to blackmail an organisation. While it might seem easy for an organisation to replace and fix one of their compromised machines, recovering from a companywide attack, especially without backup, can be impossible to come back from. The order of events is essential here. If data is encrypted before data-stealing components of attacks are carried out, then the data stolen would be mostly useless to the attackers running these malware campaigns – so companies should put suitable cyber resilience plans in place to ensure IT infrastructure and data is secure.  Read Less