Bug poaching

Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network’s private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.

Operation
Unlike in a typical ransomware attack, a bug poacher who has stolen information extorts the company with information on how its system was breached, rather than with the stolen data itself. IBM Security found that a bug poaching campaign targeted approximately 30 companies in 2015, none of which had bug bounty programs.

Recovery of Files
Bug poachers have demanded up to $30,000 to share how they breached the system. Poachers do not immediately destroy or release stolen data. Some companies may choose not to pay bug poachers, since poachers do not typically release the stolen data. However, a company that does not pay has to hope that the data is not leaked.

A Grey Hat Technique?
Ethical hacking is often described as white hat, while the alternative is often termed black hat. Bug poaching is unethical in requesting a ransom, but it also alerts the company to the breach, a technique often used by ethical hackers. It therefore has a few attributes of each hat, fitting at least one definition of grey hat.