As the name suggests, cyberextortion is extortion that takes place within the digital realm. It is one of the most common forms of cybercrime, with more and more cases occurring every year. Cyberextortion is commonly carried out with the help of personal information acquired through malware, phishing or hacking. The attacker then uses this sensitive personal information to extort money, often in a digital currency like Bitcoin, from the user in exchange for not releasing it publicly.
Hackers and other malicious internet actors can also extort money from websites, services, or individuals by attacking a website or server, then promising to stop the attacks when payment is received.
In cases of digital blackmail, sensitive information is acquired through a security breach and the criminal then contacts the target to negotiate payment to prevent the information's release. This could also include threats of identity theft, publishing embarrassing or disturbing personal information in public, or contacting employers or family members with damaging material. This can be difficult to fight against, as once the criminal has accessed this information, it may be easy for them to access it again.
An increasingly common variant of this is bluff blackmail, where users are targeted with emails or text/SMS messages in which the sender claims to have sensitive or damaging personal information about them, even when the sender does not. These bluff scams rely on people's fears and hang-ups, such as their sexual proclivities and online browsing habits.
Outside of blackmail, distributed denial-of-service (DDoS) attacks are the most common platform for cyberextortion. In a DDoS attack, multiple systems flood a website's or service's bandwidth and/or resources to the point where the website is unable to function. This often occurs when there is a security flaw that has been exploited by malicious actors.
DDoS is used as a platform for cyberextortion when the hackers contact the targeted party and ask for money in exchange for ending the attacks.
An increasingly common form of cyberextortion is bug poaching, where a hacker creates an analysis of a website's, company's, or system's security flaws and weaknesses and presents it to the victim, offering to fix the flaws in exchange for remuneration and threatening to exploit them otherwise. Bug poaching is sometimes used less maliciously, with the hacker not threatening the organization with a full data breach if they are not paid, but it is usually an illicit criminal act and an example of cyberextortion.