What is cyber extortion?
Cyber extortion is an online crime in which a cybercriminal threatens victims with harm, embarrassment, or financial loss unless they comply with demands, such as paying a ransom or providing sensitive information. The most common examples of cyber extortion are ransomware and DDoS attacks.
Cyber extortion has become significantly more prevalent in recent years due to the rise of digital technologies and the availability of sophisticated tools and techniques. It threatens individuals and organizations and can cause significant harm if left unchecked. Besides the financial costs and reputational damage, cyber extortion can lead to legal implications, regulatory investigations, and compliance issues.
How cyber extortion works
Cyber extortion is a form of cyber blackmail that can be carried out remotely, using malicious software, or through physical threats and social engineering tactics. Such tactics may include:
- Impersonating a trusted authority figure to gain access to confidential information.
- Threatening physical violence if the ransom is not paid.
- Demanding payment for services that were not provided.
Types of cyber extortion attacks
Cybercriminals employ various techniques to extort their victims, including ransomware, distributed denial-of-service (DDoS) attacks, data extortion, and email-based extortion.
1) Ransomware attacks
A ransomware attack is a form of cyberattack that uses malicious software to encrypt a victim’s files or lock their device and hold it hostage until a ransom is paid. Ransomware can be spread through email attachments, malicious downloads, or by exploiting software vulnerabilities.
The impact of ransomware
According to Statista, in 2022 alone, a total of 493.33 million ransomware attacks were reported globally, with 71% of companies affected worldwide. That said, the majority of cyber extortion attacks are never officially reported. North America ranked first in the share of ransomware attacks on critical infrastructure, followed by Europe.
What are the three types of ransomware?
The most common types of ransomware are crypto ransomware and locker ransomware. Crypto ransomware encrypts data on a device and then demands money. Locker ransomware makes files or devices inaccessible to the victim, often presenting the ransom demand on a lock screen.
Other forms of ransomware include:
- Scareware, which uses social engineering to create anxiety or shock and manipulate victims into buying or downloading malware by presenting it as a solution to the problem.
- Doxware or leakware, a type of cyber extortion in which victims are threatened with their sensitive data being leaked.
- RaaS (Ransomware as a Service), a ransomware business model in which malware developers sell or lease malware to cyber extortionists in return for a monthly fee.
2) DDoS extortion attacks
A Distributed Denial of Service (DDoS) attack is a malicious attempt to render a website or network resource unavailable to users by overwhelming it with excessive requests or data. In a DDoS extortion attack, the perpetrators keep the resource unavailable unless a ransom demand is met.
This type of cyber extortion occurs when perpetrators disrupt the regular traffic of a targeted server, service, or network by flooding it with a large amount of fake traffic from multiple sources before they demand money. DDoS cyber attacks are some of the most damaging cyberattacks for online businesses. An e-commerce website that is down can result in considerable damage to the brand and loss of revenue.
3) Data extortion
Data extortion is when malicious actors use data as leverage to gain financial or other benefits. Cybercriminals often use stolen information to demand ransom payments, but data extortion can also involve the threat of releasing sensitive data, such as business records or personal medical records.
4) Email-based extortion
Email-based extortion occurs when the victim receives an email threatening that embarrassing or confidential data will be released if they refuse to pay a ransom. Some scammers threaten their victims while pretending to be an old friend in need.
How to protect yourself from cyber extortion?
Protecting yourself from cyber extortion requires a multi-layered approach and a number of preventative measures.
Invest in a cyber insurance policy
One practical step is to invest in a cyber insurance policy that provides financial protection and assistance in the event of an extortion attempt. Such policies can help cover costs related to legal fees, forensic investigations, and recovery efforts after an attack.
Wash your cyber hands
Additionally, reviewing your digital presence and practicing consistent cybersecurity hygiene is crucial to staying safe online. This includes:
- Regularly updating software and operating systems.
- Using strong and unique passwords.
- Enabling two-factor authentication.
Being cautious with online activities, such as clicking on suspicious links or downloading files from untrusted sources, can significantly reduce your risk of falling victim to computer-related crimes.
Stay on top of the latest cyber extortion trends
Staying informed about emerging cyberthreats is also vital. Monitor news and reports on the latest tactics used by cyber extortionists, such as ransomware and social engineering schemes. By staying proactive and educating yourself about cyberthreats, you can better protect yourself and your digital assets from potential harm.
Is online extortion a crime?
Yes, cyber extortion is a crime. It occurs when someone uses the internet to threaten someone else with harm or damage if they do not comply with their demands. Victims of online extortion may be vulnerable to blackmail, identity theft, and fraud.
Cyber extortion is a form of blackmail that is illegal and considered a criminal offense in Canada, the US, the EU, and the UK.
What to do if you fall victim to a cyber extortion attack?
If you fall victim to a cyber extortion attack, the most critical step is to remain calm and avoid making hasty decisions. If you receive a ransom demand, it’s essential that you not pay it, as there are no guarantees that the perpetrators will follow through on their promises. Instead, contact law enforcement and seek the assistance of cybercrime experts to help recover any compromised data.
How to report cyber extortion
You can report such cases to the FBI’s Internet Crime Complaint Center (IC3) in the US. Victims in Canada can reach out to the RCMP’s Anti-fraud Centre, while in the UK, they can report them to the National Cyber Security Centre’s Incident Response team. The European Union Agency for Law Enforcement Cooperation (EUROPOL) also provides a reporting mechanism for cybercrime incidents.
If you are a business owner, follow the cyber attack response checklist
A checklist provided by the Cybersecurity and Infrastructure Security Agency (CISA) is a great resource to follow for a detailed procedure on ransomware attack response. It has been created jointly with the FBI (Federal Bureau of Investigation), the NSA (National Security Agency), and other government agencies and recommends the following steps:
Detection and analysis
- Evaluate which systems have been attacked and isolate them
- Disconnect devices from the network or power them down
- Prioritize impacted systems for recovery
- Check existing prevention and detection logs for malware you might have missed
- Meet with your team and create a document listing what happened
- Try to understand what caused the cyberattack
Reporting and notification
- Engage with internal and external teams to understand who can provide help
- Follow specific notification requirements if the attack has led to a data breach
Containment and eradication
- Collect logs, captures, and any other evidence of malware
- Consult law enforcement agencies for additional expertise
- Research additional guidance to understand the particular ransomware variant you are dealing with
- Identify all systems involved in the initial data breach
- Follow the server-side data encryption checklist if servers have been affected
- Analyze and identify persistence mechanisms
- Reconstruct systems based on the priority list
- Address any additional vulnerabilities once systems have been rebuilt, including password resets
- Declare and report the cyber extortion incident
Recovery and post-incident steps
- Following a priority list, reconnect affected systems to the network
- Create a lessons-learned document
- Consider sharing the documents with others to benefit the community
Does the FBI investigate extortion?
The FBI is the lead federal agency investigating cyberattacks by “criminals, overseas adversaries, and terrorists.” The US’s central national hub for reporting cybercrime, the Internet Crime Complaint Center (the IC3), is run by the FBI.
What are real-life examples of cyber extortion?
Reddit, a discussion website, was targeted by a cyber extortion attack in February 2023. The perpetrators gained access to some of its internal systems and documents. The BlackCat gang, who claimed to be behind the attack, threatened to leak the data if their $4.5 million ransom demand wasn’t met.
A British postal service company, Royal Mail, suffered a “severe service disruption” due to a ransomware attack in January 2023. The attack has been linked to LockBit ransomware, which operates on a Ransomware-as-a-Service (RaaS) model.
In early 2023, the IT systems of the Tallahassee Memorial Healthcare Hospital in Florida, US, had to be taken down and investigated following an alleged ransomware attack. All patients requiring emergency treatment were transferred to other hospitals.
What is the difference between ransomware and cyber extortion?
Cyber extortion is an umbrella term for computer-related crimes involving blackmail, threats, and ransom demands. Ransomware is a type of malware that cybercriminals and state-sponsored actors use to infect targeted computer systems and threaten to disrupt them or leak data if a ransom is not paid.