A new ransomware group dubbed Industrial Spy that first emerged in April 2022 is specializing in exfiltration and double extortion tactics and has the potential to do significant damage, Zscaler’s threat tracking team said.The threat crew has shown that it possesses the capability to breach organizations and have been “actively adding unencrypted data from two- three victims every month,” Zscaler said. In some instances, the threat group appears to only exfiltrate and ransom data. In other cases, they encrypt, exfiltrate and ransom data, the San Jose, California-based cloud security provider said.Industrial Spy started by ransoming stolen data and more recently has combined these attacks with ransomware. The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files. The ransomware utilizes a combination of RSA and 3DES to encrypt files. Industrial Spy lacks many common features present in modern ransomware families. The Industrial Spy ransomware family is relatively basic and parts of the code appear to be in development.