Cyber extortion is a type of cybercrime that can cause individuals and businesses financial loss, service disruption, and reputation damage. In this article, we’ll explore how cyber extortion works and show you how you can protect yourself from cybercriminals and their tactics.
Contents
Cyber extortion is a broad category of internet and computer-related crime. As the name suggests, the cyberattacks included under this umbrella term involve criminals forcing people and businesses to hand over money or sensitive data, often with threats and coercion.
Cyber extortion attacks involve hackers attempting to convince, trick, or bully a victim into giving up money or confidential data (or both). Hackers can do so through phishing emails, ransomware attacks, and other extortion methods. The result of a successful cyber extortion attack could be a data breach, financial theft, or even cyber espionage
Cyber extortionists have two general methods for getting what they want (which is, in most cases, money).
A cyber extortion attack can come in many forms. Here are just a few of the most common types of online extortion.
Hackers often target businesses and government agencies with ransomware. A ransomware attack involves infecting a device with a type of malware that encrypts data, making it impossible for the device owner to access essential files and resources. The hackers then demand a ransom in return for a digital key that will allow the person or company to decrypt their files. If they fail to pay, the hacker might leak the stolen data on the dark web.
Even if they manage to regain access to their data, a ransomware attack can cause immense disruption and reputation damage. In 2021, the company operating the Colonial Pipeline in the US was hit by a ransomware attack, which caused drivers to panic-buy gasoline and drove the cost of gas up considerably.
Distributed denial of service (DDoS) attacks are used to make websites, apps, and other online services inaccessible to their intended users. These attacks usually involve hackers flooding the target with an artificially inflated volume of traffic. For example, they could use bots to overwhelm a website’s servers, ensuring that it cannot display pages for genuine visitors. The cyber extortionist then offers to call off the attack if they are paid a requested amount.
Email-based cyber extortion is common and usually sees the hacker pretending to be someone else: a business, for example, or a friend of the target. They take on this persona to lull the target into a false sense of security before trying to convince them to transfer money (perhaps pretending to be a friend in need) or expose private information (login details for a banking app, for example).
A cyber extortionist may target a victim with blackmail, threatening to leak personal data or even compromising images unless they pay up. They may claim to have more leverage than they do, but the fear of exposure or public embarrassment can be enough to ensure that the victim pays the requested fee.
When cyber extortion occurs, it is vital that you report it because doing so can help you stay safe and lowers the likelihood of other people being targeted in the same way. You can report cyber extortion in two ways:
PRO TIP: Don't let scammers intimidate you into not contacting the police. It's a common tactic among fraudsters to claim that they will know if you engage the authorities, but this often not the case. If you speak with law enforcement, they can provide you with expert advice.
Cyber extortion is a very real threat for both individuals and businesses. Whether we’re talking about companies having to pay up or risk massive data breaches or individuals falling victim to manipulative phishing emails, extortion is a risk to everyone. If you are a victim of cyber extortion, you can always take steps to protect yourself.