I’m reading an article from the Institute for Applied Network Security (IANS) titled "Ransomware 2.0: What It Is and What To Do About It", and there’s a piece I don’t understand. The article requires a subscription, but here’s the excerpt (emphasis mine):
[Attackers] typically threaten to release confidential data to the internet or dark web if the victim refuses to pay. This extortion tactic is fairly new and it is unclear whether it will become more prevalent. If it does, it is uncertain whether attackers will release the data they’ve exfiltrated (and even how much data they’ve exfiltrated in the first place). Obviously, the more data an attacker exfiltrates, the higher they raise their profile and the more likely they are to be caught before the encryption phase. Therefore, unlike attackers motivated by IP theft, Ransomware 2.0 attackers have an incentive to minimize their data exfiltration.
Why would attackers not follow through with the threat of releasing this data? Does exfiltrating more data give forensic scientists, network admins, and the like better insight into the anomalous and malicious behavior, and shouldn’t attackers sufficiently cover their tracks? If not, how is the attacker profile increased with the volume of exfiltrated data published?