{"id":112197,"date":"2025-07-17T08:15:55","date_gmt":"2025-07-17T15:15:55","guid":{"rendered":"https:\/\/www.backblaze.com\/blog\/?p=112197"},"modified":"2025-12-11T12:27:05","modified_gmt":"2025-12-11T20:27:05","slug":"ai-ransomware-inside-the-exfiltration-playbook","status":"publish","type":"post","link":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/","title":{"rendered":"AI &#038; Ransomware: Inside the Exfiltration Playbook"},"content":{"rendered":"\r\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1440\" height=\"820\" class=\"wp-image-112198\" src=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png\" alt=\"A decorative image show icons related to security and ransomware. \" srcset=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png 1440w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration-300x171.png 300w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration-1024x583.png 1024w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration-768x437.png 768w\" sizes=\"auto, (max-width: 1440px) 100vw, 1440px\" \/><\/figure>\r\n\r\n\r\n\r\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\">\u00a0<\/div>\r\n\r\n\r\n\r\n<p>Ransomware used to mean locked files and paralyzed systems. But today, bad actors are just as focused on exfiltration\u2014the silent theft of sensitive data\u2014and using that data as leverage for extortion.<\/p>\r\n\r\n\r\n\r\n<p>According to cybersecurity firm BlackFog, <a href=\"https:\/\/www.blackfog.com\/blackfogs-2024-state-of-ransomware-report-reveals-record-breaking-year-for-attacks\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">94% of successful cyberattacks in 2024 involved data exfiltration<\/a>, either alongside or instead of encryption. Whether it&#8217;s stolen patient records, credentials, or source code, the goal is simple: Extract something valuable and threaten to leak it if demands aren&#8217;t met.<\/p>\r\n\r\n\r\n\r\n<p>In this article, we examine how exfiltration became a leading tactic, the trends driving its rise, and what organizations\u2014and cloud storage providers\u2014can do to defend against it.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What is exfiltration?<\/h2>\r\n\r\n\r\n\r\n<p>In cybersecurity, exfiltration refers to the unauthorized transfer of data from a system\u2014often done stealthily, and almost always with malicious intent. Think of it as the digital equivalent of corporate espionage: Data is copied, compressed, and quietly smuggled out. Unlike ransomware encryption, which slams the door in your face, exfiltration leaves the front door looking untouched.<\/p>\r\n\r\n\r\n\r\n<p>The data being exfiltrated is rarely random. Cybercriminals are increasingly strategic about what they take and why. Common targets include:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>User credentials<\/li>\r\n\r\n\r\n\r\n<li>Personally identifiable information (PII)<\/li>\r\n\r\n\r\n\r\n<li>Intellectual property and source code<\/li>\r\n\r\n\r\n\r\n<li>Encryption keys<\/li>\r\n\r\n\r\n\r\n<li>Shadow copies or backup snapshots<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Tactics include exploiting cloud storage misconfigurations, hijacking legitimate credentials, or disguising traffic as everyday protocols like DNS or HTTPS. Increasingly, data exfiltration happens before the main event\u2014laying the groundwork for extortion, credential stuffing, or resale on underground markets.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Recent cybersecurity trends related to exfiltration<\/h2>\r\n\r\n\r\n\r\n<p>Exfiltration has become the defining feature of modern cyberattacks, and the evidence is growing:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>Double extortion is now standard.<\/strong> Threat actors exfiltrate data first, then deploy ransomware\u2014or skip the encryption altogether\u2014to maximize leverage. According to the <a href=\"https:\/\/start.paloaltonetworks.com\/2023-unit42-ransomware-extortion-report\" target=\"_blank\" rel=\"noreferrer noopener\">2023 Unit 42 Report<\/a>, 70% of ransomware incidents involved data theft.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>Infostealers, malicious programs designed to covertly harvest sensitive information, are on the rise.<\/strong> Over 2.1 billion credentials were stolen in 2024 alone, with malware like RedLine and Lumma making theft accessible to low-skilled attackers. While cybersecurity task forces (comprised of both government and enterprise actors) have made the news with <a href=\"https:\/\/www.wired.com\/story\/lumma-stealer-takedown-disrupted\/\" target=\"_blank\" rel=\"noreferrer noopener\">high-profile disruptions<\/a> of Lumma and other tools, the ability to use generative AI coding tools has meant that cyber attackers have a shortened time to deployment for malware tools.<\/li>\r\n\r\n\r\n\r\n<li><strong>Time to exfiltration is shrinking.<\/strong> <a href=\"https:\/\/www.fortinet.com\/resources\/reports\/threat-landscape-report\" target=\"_blank\" rel=\"noreferrer noopener\">Fortinet&#8217;s 2025 Threat Landscape Report<\/a> notes that attackers can extract data in under five hours, while defenders often take days to respond.<\/li>\r\n\r\n\r\n\r\n<li><strong>Encrypted traffic masks malicious behavior.<\/strong> Emerging exfiltration techniques like QUIC-Exfil use modern, encrypted protocols to <a href=\"https:\/\/arxiv.org\/abs\/2505.05292\" target=\"_blank\" rel=\"noreferrer noopener\">evade detection by traditional firewalls<\/a>.<\/li>\r\n\r\n\r\n\r\n<li><strong>State-sponsored actors prioritize stealth.<\/strong> Nation-state groups like Volt Typhoon have used long-term access to <a href=\"https:\/\/www.washingtonpost.com\/technology\/2025\/07\/16\/china-hacking-us-targets\" target=\"_blank\" rel=\"noreferrer noopener\">exfiltrate sensitive data undetected for months<\/a>.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Together, these trends point to a world where stolen data is the main prize\u2014and the threat doesn\u2019t start when the ransom note arrives. It starts when your data quietly leaves the building.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Cloud misconfiguration and its role in exfiltration attacks<\/h2>\r\n\r\n\r\n\r\n<p>Exfiltration doesn&#8217;t always require malware\u2014sometimes it only takes a misconfigured storage bucket or firewall rule. <a href=\"https:\/\/www.csoonline.com\/article\/573515\/how-to-avoid-cloud-misconfigurations.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud misconfigurations remain a leading cause of breaches<\/a>, with public buckets, excessive identity and access management (IAM) privileges, and overly permissive network rules exposing data to the open internet.<\/p>\r\n\r\n\r\n\r\n<p>Attackers exploit these gaps to quietly access or extract data without triggering alerts. A strong cloud posture management strategy\u2014one that includes audit automation, implementing the principle of least privilege, and configuring features like <a href=\"https:\/\/www.backblaze.com\/blog\/digging-deeper-into-object-lock\/\" target=\"_blank\" rel=\"noreferrer noopener\">Object Lock<\/a> or <a href=\"https:\/\/www.backblaze.com\/blog\/preview-bucket-access-logs-for-greater-visibility-and-control\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bucket Access Logs<\/a>\u2014is critical to reducing exposure.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Defending against exfiltration is a shared responsibility<\/h2>\r\n\r\n\r\n\r\n<p>As exfiltration becomes a primary threat, defense requires collaboration between cloud storage providers and their customers. Here\u2019s how the most effective strategies work together.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">Immutable backups and Object Lock<\/h3>\r\n\r\n\r\n\r\n<p>One of the strongest defenses is immutability. <a href=\"https:\/\/www.backblaze.com\/blog\/object-lock-101-protecting-data-from-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Backblaze B2\u2019s Object Lock<\/a>, for example, allows files to be written once and protected from modification, deletion, or encryption for a set period. Even if attackers compromise credentials, the data cannot be altered or removed.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">Visibility and outlier detection<\/h3>\r\n\r\n\r\n\r\n<p>Cloud providers are investing in making advanced logging and behavioral analytics available to users to detect data theft in real time. Some examples of these types of features include:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>Granular access logging<\/strong> with IP and user-level metadata.<\/li>\r\n\r\n\r\n\r\n<li><strong>Rate limiting<\/strong> and download caps to prevent mass theft.<\/li>\r\n\r\n\r\n\r\n<li><strong>Outlier detection<\/strong> powered by machine learning to catch subtle deviations from baseline activity.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Best practices for customers<\/h2>\r\n\r\n\r\n\r\n<p>Storage-layer defenses work best when paired with customer-side security controls:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>Adopt zero trust architecture<\/strong>: Never assume implicit trust. Continuously validate users, devices, and behaviors.<\/li>\r\n\r\n\r\n\r\n<li><strong>Use MFA and least-privilege access<\/strong>: Lock down credentials, rotate them regularly, and minimize exposure.<\/li>\r\n\r\n\r\n\r\n<li><strong>Encrypt data at rest and in transit<\/strong>: Use strong encryption standards (AES-256, TLS 1.2+) and managed key systems.<\/li>\r\n\r\n\r\n\r\n<li><strong>Monitor for exfiltration indicators<\/strong>: Watch for abnormal traffic volumes, geographic anomalies, and unexpected protocol usage.<\/li>\r\n\r\n\r\n\r\n<li><strong>Run simulated breach drills<\/strong>: <a href=\"https:\/\/www.backblaze.com\/blog\/dr-101-how-to-test-your-dr-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Test your team\u2019s ability<\/a> to detect and respond to stealthy data leaks.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Cloud storage companies can help provide critical security layers, but stopping exfiltration is ultimately a shared responsibility. Combining provider-level resilience with customer vigilance is the best path forward.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">In a world of silent theft, vigilance is your best defense<\/h2>\r\n\r\n\r\n\r\n<p>Exfiltration isn\u2019t just an add-on to ransomware. In this environment, locking the doors isn\u2019t enough\u2014You need to monitor the exits.<\/p>\r\n\r\n\r\n\r\n<p>By combining immutable backups, smart logging, credential controls, and proactive monitoring, organizations can shift from passive victims to active defenders. The best defenses today aren\u2019t just about blocking access; they\u2019re about knowing what\u2019s leaving and making sure it can\u2019t be used against you.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Exfiltration has become a key tactic in cyber attacks, and cloud misconfigurations contribute to its success in undermining enterprises. Let&#8217;s talk about important trends and best practices. <\/p>\n","protected":false},"author":182,"featured_media":112198,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[7,434,438,475],"tags":[489,468,351],"class_list":["post-112197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-storage","category-featured-1","category-featured-cloud-storage","category-ransomware","tag-ai-ml","tag-b2cloud","tag-ransomware","entry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Exfiltration Ransomware: Inside the AI &amp; Ransomware Playbook<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Exfiltration Ransomware: Inside the AI &amp; Ransomware Playbook\" \/>\n<meta property=\"og:description\" content=\"Exfiltration has become a key tactic in cyber attacks, and cloud misconfigurations contribute to its success in undermining enterprises. Let&#039;s talk about important trends and best practices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/\" \/>\n<meta property=\"og:site_name\" content=\"Backblaze Blog | Cloud Storage &amp; Cloud Backup\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/backblaze\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-17T15:15:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-11T20:27:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"820\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Stephanie Doyle\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@backblaze\" \/>\n<meta name=\"twitter:site\" content=\"@backblaze\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephanie Doyle\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Exfiltration Ransomware: Inside the AI & Ransomware Playbook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/","og_locale":"en_US","og_type":"article","og_title":"Data Exfiltration Ransomware: Inside the AI & Ransomware Playbook","og_description":"Exfiltration has become a key tactic in cyber attacks, and cloud misconfigurations contribute to its success in undermining enterprises. Let's talk about important trends and best practices.","og_url":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/","og_site_name":"Backblaze Blog | Cloud Storage &amp; Cloud Backup","article_publisher":"https:\/\/www.facebook.com\/backblaze","article_published_time":"2025-07-17T15:15:55+00:00","article_modified_time":"2025-12-11T20:27:05+00:00","og_image":[{"width":1440,"height":820,"url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","type":"image\/png"}],"author":"Stephanie Doyle","twitter_card":"summary_large_image","twitter_creator":"@backblaze","twitter_site":"@backblaze","twitter_misc":{"Written by":"Stephanie Doyle","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#article","isPartOf":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/"},"author":{"name":"Stephanie Doyle","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/688f3962fd24d8155ef726bc94d75058"},"headline":"AI &#038; Ransomware: Inside the Exfiltration Playbook","datePublished":"2025-07-17T15:15:55+00:00","dateModified":"2025-12-11T20:27:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/"},"wordCount":922,"commentCount":0,"publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","keywords":["AI\/ML","B2Cloud","Ransomware"],"articleSection":["Cloud Storage","Featured","Featured-Cloud Storage","Ransomware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/","url":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/","name":"Data Exfiltration Ransomware: Inside the AI & Ransomware Playbook","isPartOf":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#primaryimage"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","datePublished":"2025-07-17T15:15:55+00:00","dateModified":"2025-12-11T20:27:05+00:00","breadcrumb":{"@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#primaryimage","url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","contentUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","width":1440,"height":820,"caption":"A decorative image show icons related to security and ransomware."},{"@type":"BreadcrumbList","@id":"https:\/\/www.backblaze.com\/blog\/ai-ransomware-inside-the-exfiltration-playbook\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/"},{"@type":"ListItem","position":2,"name":"AI &#038; Ransomware: Inside the Exfiltration Playbook"}]},{"@type":"WebSite","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","name":"Backblaze Cloud Solutions Blog","description":"Cloud Storage &amp; Cloud Backup","publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization","name":"Backblaze","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"Backblaze"},"image":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/backblaze","https:\/\/x.com\/backblaze","https:\/\/www.youtube.com\/user\/Backblaze","https:\/\/en.wikipedia.org\/wiki\/Backblaze"]},{"@type":"Person","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/688f3962fd24d8155ef726bc94d75058","name":"Stephanie Doyle","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","contentUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","caption":"Stephanie Doyle"},"description":"Stephanie is the Associate Editor &amp; Writer at Backblaze. She specializes in taking complex topics and writing relatable, engaging, and user-friendly content. You can most often find her reading in public places, and can connect with her on LinkedIn.","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/author\/stephanie\/"}]}},"jetpack_featured_media_url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2025\/07\/Backblaze-AI-Ransomware-Exfiltration.png","_links":{"self":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/112197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/users\/182"}],"replies":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/comments?post=112197"}],"version-history":[{"count":0,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/112197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media\/112198"}],"wp:attachment":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media?parent=112197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/categories?post=112197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/tags?post=112197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}