The Evolution of Ransomware
Initially, ransomware was confined to a single host. A single user could lose their files, but ransomware was not able to move across an entire network. Companies and end users were advised to back up their data with the intent of being able to recover much, if not all, mission-critical information in the event they were attacked with ransomware.
Then the threat evolved. Around 2015, researchers began to see the emergence of "post-intrusion" attacks, where the criminals gain access to an environment and then stage a ransomware attack from within the network in order to cause as much damage as possible. Next, in 2019, the emergence of 'name and shame' began: criminals stealing data before they encrypt it and then threatening to leak it online if their ransom demands aren't met.
And now, the threat is evolving again. Some groups are abandoning the encryption component and focusing purely on name and shame. Threatening to leak stolen data is an excellent tactic to encourage victims to pay the ransom. From a threat actor's perspective, when they are in that post-encryption/pre-payment phase, they have expended effort—which can be viewed as cost from their point of view—and they have yet to gain anything in return. So, anything which can be further encouragement to make victims pay is considered good for their business from their point of view.
This shift in tactics may also be because the technique scales better; furthermore, recent cases where the disruption caused by the encryption in the attack (Colonial Pipeline being a recent example) has led to scrutiny by law enforcement of these cybercriminals. Attacks that simply steal data without encrypting it can be much harder to detect, harder to stop, and less costly for the threat actor.