Security news aggregator

Latest coverage for Extortion

Stay updated on cyber extortion trends: threats, prevention tips, and incident responses. Protect your data with the latest info on digital ransom tactics.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Extortion is coercion through threats: an attacker demands money or another concession while threatening harm if the victim refuses. In cybersecurity, this commonly involves encrypting systems and demanding payment for recovery, stealing data and threatening to publish it (often called double extortion), or threatening service disruption. The threatened harm may be real, exaggerated, or based on data the attacker did not actually obtain; payment does not guarantee data deletion, secrecy, or restoration.

Security teams should treat an extortion demand as a potential incident: preserve evidence, isolate affected systems, determine whether data was accessed, and involve legal and privacy specialists where notification or regulatory duties may apply. Offline, tested backups can reduce leverage from encryption, but they do not address stolen information. Reviewing exposed remote services, credentials, and unpatched internet-facing systems can help contain the access path, while threat intelligence may help assess the attacker’s claims and identify related activity.

Showing 5 most recent headlines Filtered view

CRM-Obsessed ShinyHunters Gang Exploits Misconfigured Customer Experience PortalsA prolific and noisy cybercrime gang with a penchant for stealing Salesforce customers' data and holding it ransom is taking advantage of misconfigured guest accounts meant to provide public access to services meant to remain private, using a Google scanning tool to identify vulnerable accounts.

Researchers said the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesforce instances for extortion attempts. The post Salesforce issues new security alert tied to third customer attack spree in six months appeared first on CyberScoop.

Revenue From Data-Extortion-Only Attacks Appear to Have Plummeted to Virtually NilWhile ransomware continues to disrupt businesses, thankfully some shakedown strategies are losing steam. The latest ISMG Security Report reviews how criminals have continued to refine the ransomware business model and why once-successful strategies for maximizing illicit profits now fall short.