Hackers have been destroying more corporate data or encrypting it for ransom instead of merely stealing it, a top cyber security firm said.

FireEye Inc feye , the U.S. company most widely known for its Mandiant arm’s investigations of high-profile breaches, said in a report on trends over the past year that so-called ransomware had afflicted hundreds of companies in addition to consumers.

Less commonly, hackers have been using destructive tools like those that temporarily crippled Sony Corp’s snejf Sony Picture Entertainment networks and also hurt Sands Las Vegas Corp, FireEye said.

“I definitely would not characterize it as common, but it is something we are seeing more of,” Mandiant Vice President, Marshall Heilman said. “There are a couple more [victim] companies that haven’t gone public.”

Heilman also said that Chinese attacks have gone down as a percentage of the cases that Mandiant is working, though that might be largely because attacks from Russia and elsewhere are becoming more common.

The Unites States and China reached an agreement last year to cooperate on reducing economic cyber-espionage, and some security companies have noted a decrease or at least shift in operations from China.