Copy, Paste, Ransom: Making Data Exfiltration As Easy As AzCopy
Varonis, Tuesday, March 3rd, 2026
Ransomware operators are ditching the usual tools for Microsoft's own AzCopy, turning a trusted Azure utility into a data exfiltration powerhouse.
When security professionals think about data exfiltration, specific tools such as Rclone or MegaSync immediately come to mind and tend to be the focus of detection efforts. However, today's threats are pivoting to the same tools IT teams use to stay undetected.
Varonis Threat Labs' forensic unit has uncovered ransomware operators using a trusted Azure utility, AzCopy, as a data exfiltration tool. The adoption of AzCopy and other familiar tools by attackers represents a similar logic to living off the land in the final and most critical phase of an operation: exfiltrating data out of an organization.