Ransomware has quietly changed shape, and the 2026 numbers make it official. The old picture (criminals scramble your files and you pay for the key) is now only half the story. Today's crews steal your data first and threaten to publish it, and increasingly they skip the encryption altogether. For a small Canadian business, that shift matters, because the thing you were told would save you, good backups, no longer covers the whole risk.
The 2026 numbers
Fortinet's 2026 Global Threat Landscape Report counted 7,831 confirmed ransomware victims in a single year, a 389% jump, and pointed at AI crime kits (tools sold to make attacks easy) as a major accelerant. The targets are ordinary businesses: manufacturing, business services, and retail topped the list, and Canada had hundreds of named victims. Just as telling, the same research found a 79% rise in stolen datasets, with information-stealing malware now dominating what is traded on criminal markets. The costs are heavy too: IBM puts the average data breach in Canada at roughly $7 million, up more than 10% in a year.
Why backups alone are no longer enough
Backups solve one problem brilliantly: getting your systems back after they are locked or wiped. They were the answer to classic ransomware: restore from a clean copy and refuse to pay. But you cannot restore your way out of a leak. When the attacker has already copied your customer records, contracts, and internal files, they do not need your systems at all; the threat is "pay us or we publish." This is "double extortion," and for many crews the data theft is now the main event and the encryption is optional. A perfect backup still leaves you facing a breach, a possible public leak, and the legal duties that come with it.
What this means for a small business
First, drop the "we are too small" idea: the data shows small and mid-sized businesses are the primary targets now, precisely because their defences are lighter. Second, the job is now two-sided. You have to make the data hard to steal in the first place, and be ready for the day some of it gets out anyway:
- Make theft harder: the fundamentals still do most of the work: MFA everywhere, fast patching, phishing-aware staff, and least-privilege access so one compromised account cannot reach everything.
- Keep the backups: they are still essential for recovery and for refusing to pay to get your systems back, just no longer sufficient on their own.
- Be ready for the leak: have an incident response plan and know your breach-notification duties before you need them.
- Use the tools to your advantage: IBM found organizations using security AI and automation paid far less per breach (about $5.2M versus $8.5M); the same automation the attackers use can cut your costs too.