What is cyber extortion?
Cyber extortion is blackmailing an individual or organization by threatening to release sensitive data or launch a cyberattack.
Cyber extortion is a broad category of internet and computer-related crime. As the name suggests, the cyberattacks included under this umbrella term involve criminals forcing people and businesses to hand over money or sensitive data, often with threats and coercion.
Cyber extortion attacks involve hackers attempting to convince, trick, or bully a victim into giving up money or confidential data (or both). Hackers can do so through phishing emails, ransomware attacks, and other extortion methods. The result of a successful cyber extortion attack could be a data breach, financial loss, identity theft, or even cyber espionage.
How does cyber extortion work?
Cyber extortionists have two general methods for getting what they want (which is, in most cases, money).
- Coercion and social engineering. The subtler of the two tactics involves tricking people into giving away sensitive information or handing over money directly. Hackers can pretend to be someone else — a friend, a romantic partner, or even a business like a bank or online retailer — and try to convince a victim to do what they want. Common examples of this technique include phishing emails and romance scams.
- Threats and ransom demands. If a cyber extortionist favors a more direct route, they can cause, or threaten to cause, intense distress and disruption for the person being targeted. They then give the victim an ultimatum: pay up, or suffer the consequences. The hackers could threaten to leak a victim’s personal photos or private information if they don’t pay a certain amount of money. Alternatively, they could use ransomware to make a company’s files inaccessible and return them only if a fee is paid.
Most common types of cyber extortion
A cyber extortion attack can come in many forms. Here are just a few of the most common types of online extortion.
Hackers often target businesses and government agencies with ransomware. A ransomware attack involves infecting a device with a type of malware that encrypts data, making it impossible for the device owner to access essential files and resources. The hackers then demand a ransom in return for a digital key that will allow the person or company to decrypt their files. If they fail to pay, the hacker might leak the stolen data on the dark web. You might get a dark web alert if your sensitive data is found on the dark web.
Even if they manage to regain access to their data, a ransomware attack can cause immense disruption and reputation damage. In 2021, the company operating the Colonial Pipeline in the US was hit by a ransomware attack, which caused drivers to panic-buy gasoline and drove the cost of gas up considerably.
DDoS attacks are used to make websites, apps, and other online services inaccessible to their intended users. These attacks usually involve hackers flooding the target with an artificially inflated volume of traffic. For example, they could use bots to overwhelm a website’s servers, ensuring that it cannot display pages for genuine visitors. The cyber extortionist then offers to call off the attack if they are paid a requested amount.
Email-based cyber extortion is common and usually sees the hacker pretending to be someone else: a business, for example, or a friend of the target. They take on this persona to lull the target into a false sense of security before trying to convince them to transfer money (perhaps pretending to be a friend in need) or expose private information (login details for a banking app, for example).
A cyber extortionist may target a victim with blackmail, threatening to leak personal data or even compromising images unless they pay up. They may claim to have more leverage than they do, but the fear of exposure or public embarrassment can be enough to ensure that the victim pays the requested fee. While young people are particularly at risk of sextortion, it and other forms of cyber blackmail can happen to people of any age.
Real-life cyber extortion examples
There were numerous high-profile cases of cyber extortion.
WannaCry ransomware attack
In 2017, WannaCry ransomware infected over 300,000 devices in 150 countries, targeting hospitals, businesses, and government agencies. The cyber criminals demanded ransoms for decrypting victims’ data, which varied from $300 to $600, but the overall damage is estimated to range from hundreds of millions to even billions of dollars.
The Karakurt group
The Karakurt group doesn’t use ransomware. Instead, they use other malicious software to steal the data and then extort their victims for its return. Karakurt’s operations were first noticed in June 2021, and they have been active since then. Between September and November 2021, the group claimed to have impacted over 40 victims. They target a wide range of industries, including healthcare, the industrial sector, entertainment, and technology.
In 2019, the city of Baltimore was hit by a ransomware cyber attack that significantly disrupted the city’s government computer systems. A variant of ransomware called RobbinHood compromised most of Baltimore’s servers. The attackers demanded 13 bitcoins, approximately $76,280, to restore access. The ransom note warned that if the demands were not met within four days, the ransom would increase and all data would be deleted after ten days. The recovery process was prolonged and costly, and in the end, Baltimore spent approximately $18 million to restore services.
How to deal with cyber extortion
Cyber extortion is a very real threat for both individuals and businesses. Whether we’re talking about companies having to pay up or risk massive data breaches or individuals falling victim to manipulative phishing emails, extortion is a risk to everyone. If you are a victim of cyber extortion, you can always take steps to protect yourself.
- Contact the authorities. As soon as possible, speak to the police. This step is important for two reasons: they can advise you on the best response to the threat of extortion, and they may even be able to find the person targeting you. Many cyber extortionists will tell their victims not to contact the police, but that shouldn’t dissuade you from doing so. In most cases the perpetrator won’t actually be able to tell if you have reported them or not. Whether you’re dealing with direct extortion or other forms of cyber harassment, going to the police is a good idea.
- Be wary of emails. If you receive an email from someone you don’t know, or even a slightly unusual message from a contact you recognize, be on your guard. It could be a cyberattack, and you should always take some steps to verify an email’s authenticity. Check for spelling mistakes, unusual email handles, and attempts by the sender to pressure you into clicking on a link or exposing information. If possible, find an alternative way to contact the company or person the sender claims to be and have them confirm that the email came from them.
- Stay up to date on cyber threats. It’s important to be aware of emerging threats online. For example, if a company you have previously given your information to suffers a data breach, you should change your passwords and be extra vigilant. When news breaks that a new email scam has appeared online, take note. Knowing in advance what risks you may face makes you far less likely to fall victim to cyber extortion.
- Avoid potential malware sources. Malware can be downloaded from many different places: infected websites, links in suspicious emails, and even online ads. Once your device is infected with malware, it becomes extremely difficult to regain control of your data, so it’s best not to end up in that situation in the first place. Try using NordVPN’s Threat Protection feature to prevent you from stumbling onto websites that are known to spread malware. NordVPN also offers end-to-end encryption for your connections, and improves overall security online.
How to report cyber extortion
When cyber extortion occurs, it is vital that you report it because doing so can help you stay safe and lowers the likelihood of other people being targeted in the same way. You can report cyber extortion in two ways:
- Contact law enforcement. While the authorities may not be able to find and charge the person behind the extortion — perpetrators often target people in other countries — they can advise you on how to proceed. Many law enforcement organizations have specialized officers and units to deal with issues around cybercrime and extortion.
- Contact the platform on which the extortion takes place. By doing this, you alert the website or service to scams they may not have been aware of and can even get the hackers blocked or banned (though if they’re using multiple accounts, this might not keep them away for long). If you think you’ve received a phishing message on Instagram or Facebook, for example, use the sites’ reporting system to report it to moderators.
Try using NordVPN to lower the likelihood of cyber extortion and boost your overall privacy and security.
How to prevent cyber extortion
Comprehensive security measures are key if you want to protect your business and yourself. Here’s the ounce of prevention you can implement to avoid cyber extortion:
- Regularly update software and operating systems to fix vulnerabilities.
- Train your employees on best cybersecurity practices and recognizing phishing attempts.
- Make using strong, unique passwords and multi-factor authentication mandatory.
- Regularly back up data and ensure your backups are secure and not connected to the main network.
- Use reliable and strong security software, including firewalls, antiviruses, and VPNs.
- Limit people’s access to sensitive data and have strict access controls.
- Monitor networks for unusual activities that could indicate a breach — set up automated alerts and update them regularly.
- Put together a plan for potential cyber extortion incidents — it should include crisis management, business continuity, and business recovery plans.
Do you need cyber extortion insurance?
It depends on several factors: the nature of your business, the sensitivity of the data you handle, and the security measures you already have.
Cyber extortion insurance will provide some financial protection in case of data theft or ransomware. However it’s important to do the math and evaluate whether the terms and coverage will meet your specific needs.
Think about whether the maximum amount you receive will be enough to cover your losses — both reputational and financial. If you handle extremely sensitive data, it would be a better idea to opt for additional security measures for your network, devices, and storage. Because no matter how much monetary compensation you’d get if someone steals that data — the trust of your customers can’t be bought back.
If you’re an individual user who wants additional protection online, getting cyber insurance could be just the thing — if you lose money because of extortion, a cyberattack, or a scam, you will get it back from the insurance company. Some also offer identity theft protection, so if restoring your identity requires a lot of money, you may get some of it back.
Want to read more like this?
Get the latest news and tips from NordVPN.