extortionware /ɪkˈstɔːrʃənweər/
noun
1. Malicious software that threatens to publish, delete, or restrict access to a victim’s data or computer system unless a ransom is paid; typically involves data exfiltration and extortion rather than encryption.
2. A form of cyberattack that combines elements of data theft and blackmail, where attackers threaten to expose sensitive information unless their demands are met.
etymology
Early 21st century: blend of extortion and software, modeled after ransomware.
usage
The term is used in reference to attacks where the goal is the release or misuse of stolen information rather than system disruption. It appears often in technical reports, legal summaries, and incident response documents when describing data theft events that involve threats of disclosure.
context
Extortionware became more common as organizations improved their ability to recover from traditional ransomware. Attackers began to focus on confidential data, private records, and internal correspondence since this material cannot be restored once copied. The pressure created by the threat of publication is the primary feature of this type of incident.
characteristics
Incidents usually involve unauthorized access, targeted collection of files, removal of information, and a demand for payment tied to the sensitivity of the stolen material. Attackers may also claim they will contact customers or employees if the victim refuses the demand.
distinction
The term is separate from ransomware because extortionware does not depend on encryption or loss of access. The defining element is the threat of exposing information that has already been removed from the system.
| Aspect | Extortionware | Ransomware |
|---|---|---|
| Primary method | Theft of information | Encryption of files or systems |
| Main pressure point | Threat of public disclosure | Loss of access to data |
| System availability | Systems often remain functional | Systems may be unusable |
| Core objective | Prevent release of stolen data | Restore access with a decryption key |
| Attack sequence | Access, collect, exfiltrate, extort | Access, encrypt, extort |
| Typical impact | Reputational and privacy risk | Operational disruption |
| Payment reasoning | Avoid publication | Obtain decryption key |
| Can include data theft | Always | Sometimes |
Extortionware and ransomware both involve unauthorized access and financial pressure, and attackers may combine the two techniques in a single incident.