Data Extortion refers to a cybercrime tactic in which attackers steal sensitive data and threaten to expose, sell, or leak it unless a ransom is paid. Unlike traditional ransomware attacks that focus on encrypting systems and disrupting operations, data extortion centers on the theft and weaponization of information itself. In this model, data becomes the primary leverage point—turning confidential files, intellectual property, customer records, and strategic documents into bargaining chips.

Modern data extortion often operates under a “double extortion” model, where attackers both encrypt systems and exfiltrate data, increasing pressure on organizations to comply. In some cases, even without encryption, the mere threat of public disclosure can cause severe financial, legal, and reputational damage. Regulatory penalties, loss of customer trust, competitive disadvantage, and long-term brand impact are often greater risks than operational downtime.

The rise of cloud services, remote work, and interconnected supply chains has expanded the attack surface, making data more distributed and harder to control. As a result, preventing data extortion requires a shift from perimeter-based security to data-centric protection. Organizations must ensure continuous visibility into where sensitive data resides, enforce strong access controls, apply encryption and persistent protection, and monitor abnormal data access or transfer behaviors.

Ultimately, defending against data extortion is less about reacting to ransom demands and more about minimizing the value of stolen data. When sensitive information remains encrypted, governed, and unusable outside authorized environments, attackers lose their leverage—and organizations retain control over their most critical asset: data.