From Sextortion to Ransomware: The Blackmail Scams Are Taking Over the Internet

Blackmail has been constantly evolving into one of the main risks people face on the internet. We're so used to dealing with other security incidents – data breaches, information theft, malware, zero-day attacks and others – that we might be inclined to forget the other problems out there.

AI, social engineering and cybercrime networks fuel today's blackmail campaigns and attacks. All these factors have contributed to an explosion of cases, but there's a perfect antidote: the informed user.

Let’s explore some real cases and learn how to protect yourself.

Modern blackmail scams explained through real cases

Blackmail can no longer be reduced to a compromising photograph hidden in an envelope. Now, it comes in your inbox, your phone, or your company's email, at any hour, from anywhere in the world.

Criminals hide behind anonymity and automation, banking on the emotional impact of their threats. Victims often freeze, then comply with the criminal's request. Blackmail scams are expanding so aggressively in 2025 because they work. 

Technology has amplified extortion worldwide. AI tools accessible to anyone can generate convincing fakes. Social networks expose personal details – sometimes with the victim's unwitting help – that make manipulation easy.

Massive data breaches offer criminals a steady stream of sensitive information. And to top it all off, ransomware infrastructure operates like a business, complete with HR and negotiation departments, along with public relations strategies designed to humiliate victims. 

Blackmail falls roughly into four major categories: sextortion, account takeover extortion, data leak blackmail, and corporate cyber extortion.

Sextortion scams: real cases vs. empty threats

Sextortion remains the most personal and psychologically destructive form of blackmail. But not all sextortion threats are the same.

Today's sextortion landscape is divided into two very different categories: real sextortion, where attackers find or fabricate compromising information, and sextortion emails built entirely on empty threats, in which criminals rely primarily on the shock factor and fear.

But there is a fundamental truth behind these messages: the attacker has no access, no footage, no malware, and no ability to carry out their threats. Do not pay them.

These scammers send millions of identical emails in bulk, knowing that they’ll make money if even a small percentage of victims are embarrassed or panicked into paying.

Social media account takeover blackmail

Account takeover blackmail is much more common than many people think. It's actually one of the most common online extortion methods and usually targets two very different categories of users. Criminals either go after regular people or influencers.

Both of these categories can have something to lose. Influencers will want their accounts back and might be inclined to pay. Regular users sometimes share sensitive information on social media, including images that are not public, videos, or other private data. They, too, could be inclined to pay to recover access to the account. 

The attackers often begin with phishing links that appear to be Instagram, Facebook, or other social media login pages. Once victims enter their credentials, the attackers quickly lock them out. 

From there, the blackmail begins. Victims are told they must pay to regain access or else their private messages and photos will be leaked. In some situations, attackers impersonate the victim and send messages to friends or relatives, attempting to persuade them to send money or additional compromising material from the victim's contacts. 

What makes this form of blackmail powerful is the emotional connection people have with their digital identity. Losing access feels like losing control of one's public life, and it's often much like the invasion of one's home.

Bitdefender Labs has investigated this type of attack extensively and the numbers paint a stark picture of a rapidly evolving threat landscape that harms the livelihood of both content creators and followers.

Negative review extortion schemes

Google has warned that malicious actors might try to extort businesses by orchestrating attacks using inauthentic negative reviews. It usually starts with a concentrated attack via review-bombing.

The scammers then directly contact the business owner, often through third-party messaging apps, to demand payment.

"They threaten that if the business fails to pay the fee, the negative reviews will remain, or the attack will escalate and further damage the business's public rating and reputation to coerce the victim into paying the extortion demand," says Google.

Data leak blackmail

Data breaches can be a source of blackmail, as unlikely as that might seem. Attackers steal highly sensitive information and then target victims directly.

The Vastaamo psychotherapy breach in Finland remains to this day one of the most damaging examples. Hackers broke into the mental health provider's systems and stole tens of thousands of therapy records.

They initially demanded a ransom from the company. When the company refused, the attackers switched tactics and emailed patients one by one, including excerpts from therapy notes as proof.

Each victim was told to pay a ransom under threat of having their most personal conversations released publicly.

Hundreds of files were eventually leaked to pressure more victims into paying.

The harm caused by the criminal hackers and the subsequent damage to the Vastaamo brand were simply too great, and the company filed for bankruptcy.

Corporate extortion via ransomware

Ransomware is also a form of blackmail, and it's become a highly profitable extortion industry. Modern "double-extortion" attacks involve not only encrypting systems but also stealing data and threatening to leak it publicly if a ransom is not paid.

In one recent case, two teenagers breached the systems of Kido, a chain of London-based nurseries, and stole data and photographs of around 8,000 children, bringing to life the parents' fears of having the images of their kids out in the wild and possibly on the Dark Net.

Ransomware and data theft are among the biggest problems companies face today, but they are now accompanied by blackmail as well, almost always. In fact, they are so common that it's unlikely to see a single day pass without a company being affected.

Blackmail succeeds because it preys on powerful emotions like fear, shame, isolation, and urgency. Individuals worry about their reputation or relationships. Organizations fear regulatory fines, lawsuits, downtime and public backlash.

Attackers have learned to weaponize these emotions, building campaigns designed to overwhelm victims before they get a chance to seek help.

How to protect yourself and your organization

Protection begins with awareness and rapid response. Individuals should never reply to blackmail threats or pay the blackmailers. They should preserve evidence and report incidents immediately. Organizations must practice strong cybersecurity hygiene such as multi-factor authentication, secure backups, strict access controls and continuous monitoring for data exfiltration.

Recognizing the psychological manipulation behind blackmail is just as important as recognizing the threat itself.

How Bitdefender helps stop modern blackmail scams

Bitdefender protects against the full spectrum of blackmail tactics. Advanced ransomware defenses prevent encryption attacks. Identity protection helps detect account takeover attempts. Behavioral threat analysis identifies malware designed to record video or steal data. And network security tools detect unusual patterns that may signal a breach.

Frequently Asked Questions

1. Is sextortion always real?

No. Many sextortion threats involve fake claims and no real evidence.

2. Can attackers really hack my webcam?

Only if your device is compromised, which is far less common than scammers want you to believe.

3. Should I ever pay a blackmailer?

No. Payment encourages further extortion and offers no guarantee of safety.

4. What should businesses do during ransomware incidents?

Activate their incident response plan, notify authorities and work with cybersecurity experts.

5. Do ransomware gangs target individuals?

Occasionally — especially when they obtain personal data through broader breaches.

6. Are hackers really after my social media?

Yes, social media accounts are a highly valuable resource and criminals will invest a lot of money into targeting them.