Criminals have started moving away from Ransomware, which targets a single PC, to a process where the criminal encrypts the website’s databases and holds them hostage. The entire database itself wasn’t encrypted though, the attackers only focused on the most critical fields so as not to impact application performance. Hackers were silently waiting, while backups were being overwritten by the recent versions of the database. At the day X, hackers removed the key from the remote server, website went out of service, and hackers demanded a ransom for the encryption key.”]
Source: https://www.csoonline.com/article/2877197/criminals-holding-compromised-websites-for-ransom.html