Cyber extortion: What is it and how to protect yourself

Cyber extortion is a broad category of internet and computer-related crime. As the name suggests, the cyberattacks included under this umbrella term involve criminals forcing people and businesses to hand over money or sensitive data, often with threats and coercion.

Cyber extortion attacks involve hackers attempting to convince, trick, or bully a victim into giving up money or confidential data (or both). Hackers can do so through phishing emails, ransomware attacks, and other extortion methods. The result of a successful cyber extortion attack could be a data breach, financial loss, identity theft, or even cyber espionage.

Cyber extortionists have two general methods for getting what they want (which is, in most cases, money).

• Coercion and social engineering. The subtler of the two tactics involves tricking people into giving away sensitive information or handing over money directly. Hackers can pretend to be someone else — a friend, a romantic partner, or even a business like a bank or online retailer — and try to convince a victim to do what they want. Common examples of this technique include phishing emails and romance scams.
• Threats and ransom demands. If a cyber extortionist favors a more direct route, they can cause, or threaten to cause, intense distress and disruption for the person being targeted. They then give the victim an ultimatum: pay up, or suffer the consequences. The hackers could threaten to leak a victim’s personal photos or private information if they don’t pay a certain amount of money. Alternatively, they could use ransomware to make a company’s files inaccessible and return them only if a fee is paid.

A cyber extortion attack can come in many forms. Here are just a few of the most common types of online extortion.

Ransomware

Hackers often target businesses and government agencies with ransomware. A ransomware attack involves infecting a device with a type of malware that encrypts data, making it impossible for the device owner to access essential files and resources. The hackers then demand a ransom in return for a digital key that will allow the person or company to decrypt their files. If they fail to pay, the hacker might leak the stolen data on the dark web. You might get a dark web alert if your sensitive data is found on the dark web.

Even if they manage to regain access to their data, a ransomware attack can cause immense disruption and reputation damage. In 2021, the company operating the Colonial Pipeline in the US was hit by a ransomware attack, which caused drivers to panic-buy gasoline and drove the cost of gas up considerably.

DDoS attacks

DDoS attacks are used to make websites, apps, and other online services inaccessible to their intended users. These attacks usually involve hackers flooding the target with an artificially inflated volume of traffic. For example, they could use bots to overwhelm a website’s servers, ensuring that it cannot display pages for genuine visitors. The cyber extortionist then offers to call off the attack if they are paid a requested amount.

Email-based extortion

Email-based cyber extortion is common and usually sees the hacker pretending to be someone else: a business, for example, or a friend of the target. They take on this persona to lull the target into a false sense of security before trying to convince them to transfer money (perhaps pretending to be a friend in need) or expose private information (login details for a banking app, for example).

Cyber blackmail

A cyber extortionist may target a victim with blackmail, threatening to leak personal data or even compromising images unless they pay up. They may claim to have more leverage than they do, but the fear of exposure or public embarrassment can be enough to ensure that the victim pays the requested fee. While young people are particularly at risk of sextortion, it and other forms of cyber blackmail can happen to people of any age.

We have seen numerous high-profile cyber extortion cases in the past. Some of the most documented cyber extortion examples include:

• 1. WannaCry ransomware attack
• 2. The Karakurt group
• 3. Baltimore ransomware
• 4. Colonial Pipeline attack
• 5. Garmin ransomware attack
• 6. Travelex ransomware attack
• 7. Nokia cyber extortion case

In 2017, the WannaCry ransomware infected over 300,000 devices across 150 countries, targeting hospitals, businesses, and government agencies. The cybercriminals demanded ransoms ranging from $300 to $600 to decrypt the victims’ data, and the overall damage is estimated to be in the range of hundreds of millions to even billions of dollars.

The Karakurt group doesn’t use ransomware. Instead, it deploys other malicious software to steal data and then extort its victims for its return. Operations by Karakurt were first noticed in June 2021, and they have remained active. From September to November 2021, the group claimed to have impacted over 40 victims. It targets a wide range of industries, including healthcare, the industrial sector, entertainment, and technology.

In 2019, the city of Baltimore was hit by a significant ransomware cyberattack that disrupted the city’s government computer systems. A variant of ransomware known as RobbinHood compromised most of Baltimore’s servers. The attackers demanded 13 bitcoins, approximately $76,280, to restore access. The ransom note stated that the ransom would increase if the demands were not met within four days, and all data would be deleted after 10 days. The recovery process was prolonged and costly. Ultimately, Baltimore spent approximately $18 million to restore services.

In 2021, the hacking group DarkSide disrupted the Colonial Pipeline, the largest in the US for transporting refined petroleum products, and demanded a ransom. The attack stopped the pipeline’s operations for about five days, causing localized shortages of gasoline, diesel, and jet fuel and leading to panic-buying across the southeastern US. Colonial Pipeline resolved the attack by paying DarkSide approximately $4.4 million in cryptocurrency to regain access to their systems.

On July 23, 2020, cybercriminals attacked Garmin, known for its GPS fitness trackers, with a ransomware called WastedLocker. Unlike typical ransomware, WastedLocker locks programs until decrypted without stealing data. The attack, starting early Thursday and lasting through the weekend, severely disrupted Garmin’s operations. Global users could not upload to Garmin Connect, the company’s website went down, customer support was unavailable, and manufacturing halted. The attackers encrypted Garmin’s systems and demanded a $10 million ransom to restore them.

In late 2019, Travelex was hit by a ransomware attack after cybercriminals exploited a security flaw in their VPN system, provided by Pulse Secure. This flaw allowed attackers to bypass security measures and deploy Sodinokibi ransomware, which encrypted the company’s files and potentially stole customer data. The criminals demanded almost £5 million for the return of 5GB of stolen data. The resolution of this incident involved Travelex working with cybersecurity experts to isolate affected systems and attempt recovery, although the details on whether the ransom was paid remain unclear.

In 2007, Nokia faced a cyber extortion case when criminals stole an encryption key for its Symbian operating system and demanded a ransom. The attackers threatened to release the key publicly if Nokia refused to pay millions of euros. In a dramatic response, Nokia left the ransom money in a parking lot, hoping law enforcement could track and catch the criminals during the pickup. Unfortunately, the authorities were unable to trace the attackers.

Cyber extortion is a very real threat for both individuals and businesses. Whether we’re talking about companies having to pay up or risk massive data breaches or individuals falling victim to manipulative phishing emails, extortion is a risk to everyone. If you are a victim of cyber extortion, you can always take steps to protect yourself.

• Contact the authorities. As soon as possible, speak to the police. This step is important for two reasons: they can advise you on the best response to the threat of extortion, and they may even be able to find the person targeting you. Many cyber extortionists will tell their victims not to contact the police, but that shouldn’t dissuade you from doing so. In most cases the perpetrator won’t actually be able to tell if you have reported them or not. Whether you’re dealing with direct extortion or other forms of cyber harassment, going to the police is a good idea.
• Be wary of emails. If you receive an email from someone you don’t know, or even a slightly unusual message from a contact you recognize, be on your guard. It could be a cyberattack, and you should always take some steps to verify an email’s authenticity. Check for spelling mistakes, unusual email handles, and attempts by the sender to pressure you into clicking on a link or exposing information. If possible, find an alternative way to contact the company or person the sender claims to be and have them confirm that the email came from them.
• Stay up to date on cyber threats. It’s important to be aware of emerging threats online. For example, if a company you have previously given your information to suffers a data breach, you should change your passwords and be extra vigilant. When news breaks that a new email scam has appeared online, take note. Knowing in advance what risks you may face makes you far less likely to fall victim to cyber extortion.
• Avoid potential malware sources. Malware can be downloaded from many different places: infected websites, links in suspicious emails, and even online ads. Once your device is infected with malware, it becomes extremely difficult to regain control of your data, so it’s best not to end up in that situation in the first place. Try using NordVPN’s Threat Protection Pro feature to prevent you from stumbling onto websites that are known to spread malware. NordVPN also offers encryption for your internet traffic, improving overall security online.

How to report cyber extortion

When cyber extortion occurs, it is vital that you report it because doing so can help you stay safe and lowers the likelihood of other people being targeted in the same way. You can report cyber extortion in two ways:

• Contact law enforcement. While the authorities may not be able to find and charge the person behind the extortion — perpetrators often target people in other countries — they can advise you on how to proceed. Many law enforcement organizations have specialized officers and units to deal with issues around cybercrime and extortion.
• Contact the platform on which the extortion takes place. By doing this, you alert the website or service to scams they may not have been aware of and can even get the hackers blocked or banned (though if they’re using multiple accounts, this might not keep them away for long). If you think you’ve received a phishing message on Instagram or Facebook, for example, use the sites’ reporting system to report it to moderators.

Try using NordVPN to lower the likelihood of cyber extortion and boost your overall privacy and security.

Comprehensive security measures are key if you want to protect your business and yourself. Here’s the ounce of prevention you can implement to avoid cyber extortion:

1. Regularly update software and operating systems to fix vulnerabilities.
2. Train your employees on best cybersecurity practices and recognizing phishing attempts.
3. Make using strong, unique passwords and multi-factor authentication mandatory.
4. Regularly back up data and ensure your backups are secure and not connected to the main network.
5. Use reliable and strong security software, including firewalls, antiviruses, and VPNs.
6. Limit people’s access to sensitive data and have strict access controls.
7. Monitor networks for unusual activities that could indicate a breach — set up automated alerts and update them regularly.
8. Put together a plan for potential cyber extortion incidents — it should include crisis management, business continuity, and business recovery plans.

Do you need cyber extortion insurance?

It depends on several factors: the nature of your business, the sensitivity of the data you handle, and the security measures you already have.

Cyber extortion insurance will provide some financial protection in case of data theft or ransomware. However it’s important to do the math and evaluate whether the terms and coverage will meet your specific needs.

Think about whether the maximum amount you receive will be enough to cover your losses — both reputational and financial. If you handle extremely sensitive data, it would be a better idea to opt for additional security measures for your network, devices, and storage. Because no matter how much monetary compensation you’d get if someone steals that data — the trust of your customers can’t be bought back.

If you’re an individual user who wants additional protection online, getting cyber insurance could be just the thing — if you lose money because of extortion, a cyberattack, or a scam, you will get it back from the insurance company. Some also offer identity theft protection, so if restoring your identity requires a lot of money, you may get some of it back.