What is Cyber Extortion?

Cyber extortion is fast becoming a lucrative industry for cyber criminals. In this post, we’ll discuss what cyber extortion is, its forms, some real-life examples, and what can be done to prevent falling prey to cyber extortion.

What is Cyber Extortion?

Cyber extortion is when a cyber attacker demands money or something else in return for stopping the attack or returning access to your systems/data. Cyber extortionists first gain access to a computer, software, or network, usually through ransomware or distributed denial-of-service (DDoS) attacks.

What are the Common Types of Cyber Extortion?

Ransomware

In a ransomware attack, the attacker tricks the victim (say, a company employee) into clicking a link or pop-up ad, opening a corrupted file sent through email, or visiting a website. Such actions “activate” the ransomware, which spreads and infects the company’s site, computers, or the entire network. 

Ransomware encrypts servers and data, making them inaccessible. To regain access, the victim must give in to the attacker's demands. Attackers typically demand around $200 to $1,000. According to the Center for Internet Security, ransomware attacks have been the leading type of cyber extortion since August 2015.

Distributed denial-of-service (DDoS)

In DDoS attacks, attackers deploy a network of infected computer systems to send a flood of internet traffic that can cripple a website, server, or system. DDoS attacks are like a traffic jam. Attackers might only stop their DDoS attack after the victim pays up. Sometimes, attackers first send a warning of the DDoS attack and then demand payment to not continue the attack.

Email-based cyber extortion

Other cyber extortion cases happen through email. The victims are told that their personal information will be exposed if they don’t pay a ransom within a tight deadline. Payments typically range from $250 to $1,200 in bitcoin or other currency.

For all forms of cyber extortion, bitcoin is the most common form of ransom demanded as it’s widely believed to be an untraceable method of payment. However, it may not be as anonymous as attackers believe.

Effects of Cyber Extortion

Some undesired outcomes of cyber extortion include data breaches, business interruption, damage to the company's reputation, loss of customers, and financial losses.  

In a data breach, attackers may threaten to expose stolen data unless the company pays up. If the company can’t meet the demand, it risks losing confidential corporate data. If the breach involves sensitive customer data, the company may be held liable in court plus incur heavy punishment from regulatory bodies implementing cyber extortion laws. 

Customers who have had their data breached may also lose trust in the company and move on to competitors. In some instances, customers simply move on if they can't access the company's website, products, or services.

Examples of Cyber Extortion

Here are recent cases of cyber extortion.

  • In 2014, hackers hit Feedly with a DDoS attack, preventing users from accessing Feedly’s service. Feedly, however, refused to give in to the demands. Instead, it worked with authorities, other victims, and its content network provider. Within hours, Feedly restored its service.
  • In 2015, the controversial dating website Ashley Madison was hacked by Impact Team. Instead of money, the group threatened to dump users' information publicly if Avid Life Media (ALM, the company behind Ashley Madison) wouldn’t shut down its dating sites. ALM didn't give in to the demands, so the group went on to dump Ashley Madison's data online.
  • In 2017, hackers released “Orange is the New Black” episodes despite receiving $50,000 in ransom from Netflix. Also, in 2017, a cyber extortionist threatened to release “Game of Thrones” episodes if HBO didn’t pay $5.5 million in bitcoin. 
  • In 2017, the Bad Rabbit ransomware affected Russian websites as well as an airport and an underground railway in Ukraine. Bad Rabbit encrypts the content of every infected computer and demands $280 each to restore it. Bad Rabbit was one of three notorious ransomware strains that struck that year; the other two were WannaCry and Petya.

How to Prevent Cyber Extortion

Cyber extortion will remain a constant threat as long as cybercriminals find it lucrative. Here are a few tips to avoid being a victim:

  • Cyber extortion mostly starts through email tactics or social engineering, so companies should prioritize raising cybersecurity awareness. Employee training should cover identifying suspicious emails, links, pop-up ads, and websites, and not posting sensitive information online. Other steps that reduce the likelihood of cyber extortion, such as encouraging employees to take cybersecurity courses outside of company training, also help.
  • Install antivirus software. Maintain a firewall, and ensure all system software and devices are up to date.
  • Regularly back up and encrypt sensitive data. Implement and test the recovery process to avoid downtime in the event of ransomware.

If you do happen to get hit with a cyber extortion attack, having a cyber insurance policy with cyber extortion coverage to deal with the expenses will help protect you from the financial burden. Zeguro Cyber Insurance covers cyber extortion as well as data recreation, loss of business, and crisis management as a result of computer attacks. You can get a quote within minutes.

Should Victims Pay the Cyber Extortion Money?

There’s no right or wrong answer here. If you ask the FBI, the Bureau discourages the payout of extortion money. Some ransomware victims never get the decryption keys after the payout. Some are re-targeted, while others face demands for an extra amount.

There’s also the perspective that paying the cyber extortionists incentivizes further criminal activity. Then again, companies need to weigh whether not paying the extortion money is worth the negative impact on business and human lives. 

Companies of all sizes are targets of cyber extortion. What companies can do is to make things harder for cyber extortionists by protecting their businesses with robust cybersecurity measures and having cyber insurance in place so they have a safety net. Zeguro’s Cyber Safety solution offers a suite of cybersecurity tools, including employee security training, web app security scanning, and security policy management. Sign up for a free trial to start protecting your business against cyber extortion and other threats today.

Zeguro is a cyber safety solution and insurance provider for small to mid-sized businesses (SMBs), offering a comprehensive suite of tools for risk mitigation and compliance, as well as insurance premiums that are tailored to the size, sector and profile of a company.
Written by

Ellen Zhang

Digital Marketing Manager

Enthusiastic and passionate cybersecurity marketer. Short-story writer. Lover of karaoke.