An extortion economy is a criminal operating model built around intrusion, coercion, and payment. Instead of treating ransomware as a single malware event, it views the attack as a business chain: access brokers, affiliates, malware operators, stolen-data handlers, and negotiators all help create leverage over the victim. The goal is not only to encrypt files, but to pressure the target into paying by threatening downtime, data leaks, or repeated harassment.
This concept matters in cyber security because it explains why ransomware and related schemes are resilient. Even if one actor is disrupted, others can replace them, and the same infrastructure can support credential theft, persistence, privilege escalation, and data exfiltration. Defenders should therefore monitor for the whole extortion workflow: abnormal logins, lateral movement, large outbound transfers, backup tampering, and signs of negotiation activity. Effective response also depends on offline backups, strong MFA, least privilege, and incident plans that assume extortion, not just encryption.