What is cyber extortion? Definition, types, and tips to protect yourself

Cyber extortion occurs when attackers demand money to keep sensitive data private or stop harmful actions, such as spreading malware, and it is one of the most concerning cyber threats today. It's no longer just a problem for large companies or government agencies — hackers are now targeting private individuals and small businesses using more advanced methods. But with the right cyber extortion protection strategies, you can minimize risks and stay more secure online. In this article, we will discuss what cyber extortion is, its various forms, what to do if you’re targeted, and how to protect yourself before you are.

Aurelija Skebaitė

April 10, 2025

What is cyber extortion?

Cyber extortion happens when a hacker breaks into a person’s or company’s network and demands a ransom, often by stealing sensitive data and threatening to leak it, locking users out of systems, or both. The goal is to pressure the victim into paying to stop the attack or regain access.

Cyber extortion comes in many forms. Ransomware encrypts critical files until a payment is made. Doxing threatens to leak private or embarrassing information. Some cyberattacks involve shutting down a business’s website or services unless demands are met.

Cyber extortion is all about threats. Hackers use stolen information, malware, or system takeovers to pressure victims into paying up. Since these attacks happen online, criminals can operate from anywhere in the world, making them hard to track down. Hackers take advantage of security gaps, and the anonymity of the internet makes catching them difficult.

Cyber extortionist definition

A cyber extortionist is someone who uses online threats to pressure victims into paying a ransom. They hack into systems, steal sensitive data, or disrupt critical services, then demand payment to stop the attack. These criminals are often hard to catch. They hide behind anonymous accounts, use encrypted communication, and cover their tracks with advanced techniques, making it difficult for authorities to track them down.

What are the types of cyber extortion?

Cyber extortion isn’t just one type of attack — it can take various forms, each with its own way of trapping victims. Some involve locking people or businesses out of their own computer networks, while others simply use stolen data as leverage. No matter what the method is, the goal is to get what they want, which usually is money. Below are the most common kinds of cyber extortion so you know what to watch for.

Ransomware

Ransomware is one of the most well-known forms of cyber extortion. It’s a type of malware that locks you out of your own files or entire system by encrypting them. The attacker then demands a ransom (usually in cryptocurrency) to restore your access.

Victims of ransomware attacks are often given a time window within which they must pay the ransom. If they do not, they are threatened with losing the data forever or having sensitive information exposed. Paying the ransom, however, does not guarantee that the attacker will actually stop the attack. You can end up out of money and still locked out.

Some ransomware attacks take it even further. Before locking your files, the hacker may also steal your data and threaten to leak or sell it unless you pay up.  

DDoS attacks

A distributed denial-of-service (DDoS) attack happens when an attacker floods a target’s servers, websites, or networks with so much malicious or automated traffic that legitimate users can’t get through anymore. While not always the case, sometimes the attacker also demands a ransom to stop the attack and restore service — a tactic known as ransom DDoS or RDoS.

DDoS attacks can be a nightmare for businesses. They often result in service outages, website crashes, and even loss of revenue and customer trust. These cyberattacks are usually carried out using botnets — networks of hijacked devices that send overwhelming traffic to the target. While some attackers may use DDoS as a stand-alone extortion method, others may combine it with threats to leak stolen data or cause further damage.

Doxxing

Doxxing (or simply doxing) is the act of publicly releasing private or sensitive data about an individual without their consent. This information can include anything from home addresses, phone numbers, and email addresses to Social Security numbers, financial details, and even personal photos. Threat actors use this information as leverage for cyber blackmail, threatening to leak it unless the victim pays up.

It’s a nasty form of online harassment, and in some cases, attackers take it even further by making threats of violence or other physical harm. While doxxing usually targets high-profile individuals, like celebrities, politicians, or influencers, everyday people aren’t off-limits. The fallout can be serious — victims might face stalking, identity theft, or damage to their reputation, leaving them feeling vulnerable and powerless.

Data extortion

Data extortion happens when cybercriminals steal sensitive information like intellectual property, financial records, or personal details from a victim’s systems. They then demand a ransom in exchange for not releasing the stolen data to the public, selling it, or using it for malicious purposes like identity theft or fraud.

Data extortion is particularly concerning for businesses because highly sensitive and confidential data like trade secrets, customer data, or confidential documents often hold the most value. Cybercriminals know this information can cause the most harm, which makes it their prime target. The potential damage to a company’s reputation, plus the risk of legal penalties and financial loss, can make organizations feel pressured to pay up. Unfortunately, giving in may just encourage more cyberattacks down the road.

Email-based cyber extortion

Email-based cyber extortion usually starts with a threatening email from an attacker who claims to have compromising information about the victim. The extortionist might say they’ve hacked into the victim’s devices or email account and demand a ransom to keep the information private.

The attacker may use intimidation tactics or social engineering to create fear and panic and pressure the victim into paying. While this type of extortion usually targets private individuals, businesses aren’t immune either. 

Software vulnerability extortion

In software vulnerability extortion, cybercriminals look for weaknesses or security flaws in an organization's software or network systems. Once they find a vulnerability, they threaten to exploit it by stealing data, shutting down services, or exposing it online unless a ransom is paid. Often, these cyberattacks are carried out by cybercriminals with technical expertise, who can gain unauthorized access to the victims’ systems without being noticed.

Sometimes attackers will even show a "proof of concept," demonstrating how they can exploit the flaw. They do so to add extra pressure on the victim and make it harder for them to ignore the demands.

Sextortion

Sextortion is a type of cyber extortion where the attacker threatens to release explicit images or videos of the victim. This attack usually begins with the attacker stealing personal or intimate photos, either through hacking or social engineering. The attacker then uses this private material to blackmail the victim, demanding money to prevent the release of the content.

Sextortion can be especially distressing because it invades the victim’s privacy and targets their emotions, often playing on feelings of shame. It's become increasingly common among young people and teenagers, who may feel especially vulnerable to this kind of manipulation.

The emotional and psychological toll of sextortion can be devastating. Victims may feel humiliated and scared, especially when the attacker threatens to share intimate content with their family, friends, or coworkers.

How does cyber extortion work?

Cyber extortion typically follows a similar pattern, with cybercriminals gaining access to their victim’s systems or data and then escalating threats to demand payment. Here’s how cyber extortion works:

  1. Initial attack. The cyber extortionist gains unauthorized access to the victim’s computer system or personal data. They might use methods like hacking, phishing, exploiting software weaknesses, or social engineering to do so.
  2. Disruption. Once the attacker is inside, they create leverage for blackmail. They might steal valuable data, encrypt it, or disrupt critical operations — anything that would be worth paying for.
  3. Ransom demand. After taking control, the attacker contacts the victim and demands a ransom to restore access, stop an ongoing attack, or prevent the release of sensitive information. Threat actors often demand a ransom be paid in cryptocurrency since it’s much harder to track.
  4. Pressure tactics. To make the victim question their better judgment and act quickly, the attacker will increase the pressure by threatening to harm their reputation, expose personal or confidential data, or continue disrupting services if the ransom isn’t paid. These threats often play on the victim’s fear, anxiety, and shame to escalate the situation.
  5. Aftermath. If the victim pays, the attacker might, but will not always, provide the decryption key, stop the attack, or keep the stolen data from being leaked. However, paying the ransom doesn’t guarantee the attack will stop. In some cases, paying the ransom may embolden attackers to continue extorting the victim.

Who do cyber extortionists target?

Cyber extortionists usually target businesses and high-profile individuals because of the potential financial rewards, but private individuals are no exception. These criminals don’t care who they go after — they’re just after the money or some sort of leverage. Examples of targets include:

  • Large corporations. They often hold valuable data or critical systems that hackers can target.
  • Smaller businesses. Smaller companies might not have the same strong security measures as larger ones, which makes them easier targets for cyber extortion.
  • Healthcare providers. Hospitals, clinics, and other healthcare organizations store highly sensitive patient information, which can make an appealing target for cybercriminals looking to extort money in exchange for protecting it.
  • Financial institutions. Banks, payment processors, and other financial services are high-value targets because of the large sums of money they handle. Threat actors may go after them to steal funds or hold sensitive data for ransom.
  • Government entities. Local, state, and federal agencies are often targeted because of the sensitive information they manage. Hackers might try to exploit weak spots in public systems to hold them hostage or cause disruptions.
  • Critical infrastructure. Power grids, water systems, and transport networks are necessary for a nation’s well-being. Cybercriminals may target these areas to cause major disruptions, knowing that even a short-term failure can have big consequences.
  • High-profile individuals. Celebrities and politicians are often targets because their victimization can make big headlines. Plus they tend to be wealthy, and the rewards are all these criminals care about.
  • Private individuals. Everyday people, especially younger ones, can be targeted with threats to release embarrassing photos or information, making them vulnerable to cyber extortion.

Real-life cyber extortion examples

Over the years, we've seen plenty of high-profile cyber extortion cases that show just how far these criminals will go. Some of the most notable cyber extortion incidents in recent years include:

  • The Colonial Pipeline attack (2021). One of the largest cyber extortion incidents in history hit the Colonial Pipeline, the largest U.S. oil pipeline operator. Hackers from a group called DarkSide locked up the company’s computer network and demanded a ransom to regain access. Although the pipeline itself wasn’t directly compromised, Colonial shut down operations as a precaution. The attack lasted for five days, causing fuel shortages across the eastern U.S. until Colonial Pipeline gave in and paid a ransom of $4.4 million.
  • The Garmin ransomware attack (2020). Garmin, a global leader in GPS technology, was hit by a ransomware attack that locked up its systems, including services for fitness tracking, health data, and aviation navigation. Garmin had to shut down many of its services for several days. While the company never confirmed whether it paid the ransom, it did manage to restore everything after some downtime.
  • The Baltimore ransomware attack (2019). In 2019, Baltimore was paralyzed by a ransomware attack that took down the city government’s entire computer network and databases. The attackers, believed to be a part of a cybercrime group from Eastern Europe, demanded a ransom of 13 Bitcoin (around $76,280 at the time) in exchange for decrypting the files and restoring the systems. Baltimore refused to pay, but it took months to recover, costing the city more than $18 million in lost services and recovery efforts.

What are the consequences of cyber extortion?

The fallout from a cyber extortion attack can be devastating and hit you in ways that go beyond just the loss of money. Here’s how it can affect you:

  • Financial loss. Cyber extortion incidents can take a heavy financial toll because ransom demands usually range from thousands to millions of dollars. On top of that, victims often end up spending even more on professional help to recover lost data and on upgraded security measures to prevent other cyberattacks in the future.
  • Reputational damage. A cyber extortion attack can severely damage a company’s or person’s reputation. Customers may lose trust in the business, especially if their personal data is compromised. For individuals, attackers might threaten to leak embarrassing photos, personal messages, or financial information, leaving victims feeling exposed and vulnerable.
  • Legal and regulatory consequences. If your personal data is exposed due to cyber extortion, you could become a victim of fraud or identity theft, which will lead to legal headaches like having to prove you didn’t take out a fraudulent loan. Businesses, on the other hand, have to follow strict data protection laws. If they fail to protect sensitive customer information, they can be hit with lawsuits, fines, or investigations.
  • Operational disruption. For businesses, a cyber extortion attack can disrupt operations. Even after it’s over, it can bring lasting setbacks — lost productivity, frustrated customers, and reputational damage.
  • Psychological impact. Cyber extortion isn’t just about money. It takes a mental and emotional toll, too. Sextortion, in particular, can leave victims feeling helpless, ashamed, and afraid to ask for help.

What to do if you become a victim of cyber extortion

If you become a victim of a cyber extortion attack, you must act quickly but also stay level-headed. Here are the steps you should follow:

  1. Disconnect affected devices. If you suspect malicious software or ransomware is involved, immediately disconnect affected devices from the network to prevent further spread or damage.
  2. Collect evidence. Do not delete any emails, messages, or files related to the extortion. Take screenshots, save communications, and document any evidence. This evidence may be crucial for law enforcement investigations.
  3. Report the incident. Contact local law enforcement and report the cyber extortion. You can also report the incident to cybersecurity organizations or a government agency, such as the FBI's Internet Crime Complaint Center (IC3).
  4. Do not pay the ransom. Paying the ransom does not guarantee that the attacker will honor their promise, and it encourages the criminal to continue their attacks on others.
  5. Notify affected parties. If any personal or sensitive information is exposed, tell those affected, like customers or employees, so they can protect themselves from fraud or identity theft.
  6. Watch for suspicious activity. If your personal information was involved, look for signs of identity theft, such as unusual activity in your financial accounts or calls about unauthorized loans.
  7. Seek professional help. Reach out to a cybersecurity expert who can assess the situation, help stop the attack, guide you through the recovery process, and ensure that your data is protected moving forward.

How to protect yourself from cyber extortion

The best way to avoid the ramifications of cyber extortion is to be proactive and use strong security measures. Here are some of the ways you can protect your business and yourself:

  • Regularly update software and operating systems to patch vulnerabilities that cybercriminals may exploit.
  • Educate employees on best cybersecurity practices and ways to recognize phishing attempts.
  • Make the use of strong, unique passwords and multi-factor authentication a habit.
  • Regularly back up important data to secure offline locations to ensure you can recover your files if needed. 
  • Restrict access to sensitive data and implement strict access controls. Encrypt sensitive data to make it more difficult for attackers to gain access to valuable information.
  • Be wary of unexpected emails or messages, especially if they come from unknown sources and urge you to act quickly.
  • Use trusted identity theft protection services like NordProtect to help safeguard your identity and provide you with expert guidance in case of an attack. NordProtect’s identity theft protection service includes cyber extortion coverage, which means you’ll get professional support in case of an attack.

FAQ

Is cyber extortion the same as ransomware?

While ransomware is a form of cyber extortion, it is not the only type. Ransomware specifically involves encrypting data or locking computer systems and then demanding a ransom in exchange for restoring access. Other types of cyber extortion, like doxxing or email extortion, may not involve any encryption or technical attacks but instead use threats to expose personal information or damage your reputation.

What can I do if I’m being cyber blackmailed?

If you are being cyber blackmailed, do not engage with the attacker. Report the incident to law enforcement, preserve all evidence, and seek legal advice. Do not pay the ransom because it does not guarantee that the attacker will stop the blackmail.

Can police do anything about cyber extortion?

Law enforcement can investigate and take action against cyber extortionists. In many countries, cyber extortion is considered a criminal offense, and law enforcement agencies, including local police, national cybercrime units, and even international organizations like Interpol, can investigate and pursue the perpetrators. It's important to report the crime as soon as possible to increase the chances of identifying and stopping the attackers.