A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing the file encryption part.
File encryption is considered a core component of ransomware attacks, as it's the very element that brings operational disruption to the victim.
Data exfiltration for purposes of double extortion came later as an additional form of leverage against a victim, but always took a back seat to the mayhem caused by an encrypted network
Soon,
ransomware actors realized the power of this approach as many companies could restore the corrupted files from backups, but couldn’t possibly revert the file-stealing event and its consequences.