An extortion tracker is a public feed or publication that lists alleged victims, leak notices, countdowns, or claim messages used in ransomware and data-extortion campaigns. It is not, by itself, proof of a breach. Attackers use these trackers to increase pressure, damage reputation, and force a response before technical facts are confirmed.
In cyber security, extortion trackers matter because they can be an early warning source for defenders, customers, and incident responders. A name or domain appearing in a tracker may indicate a real compromise, a false claim, or a partially verified event, so it must be checked against logs, endpoint evidence, and backup status. Security teams monitor these feeds to preserve evidence, assess exposure, and prepare communications without treating the public claim as final proof.