ExpressVPN Glossary

Cyber extortion

What is cyber extortion?

Cyber extortion is a type of crime in which attackers use digital threats to demand money, data, or other concessions. This often involves compromising systems or stealing sensitive information, then threatening to take action, such as releasing data, disrupting services, or exposing accounts, unless the victim complies.

How does cyber extortion work?

Although the exact methods used by attackers may vary, cyber extortion generally follows a similar pattern:

  • Initial access: Attackers gain access through phishing, stolen credentials, malware, or exploited vulnerabilities.
  • Proof of impact: They demonstrate control, such as encrypting files or showing stolen data.
  • Demand: Attackers issue a ransom demand, typically with a deadline and payment instructions (often in cryptocurrency).
  • Escalation: If ignored, attackers may increase pressure by leaking data, disrupting services, or issuing further threats.

Types of cyber extortion

Here are some of the main tactics used by bad actors:

  • Ransomware attack: Attackers encrypt files or systems and demand payment for a decryption key.
  • Data theft and leak threats: Attackers steal sensitive data and threaten to publish or sell it unless demands are met.
  • Distributed denial-of-service (DDoS) extortion against services: Attackers threaten or launch DDoS attacks to disrupt services unless payment is made.
  • Sextortion: Attackers threaten to release intimate or compromising material, whether real or fabricated.
  • Impersonation-based extortion: Attackers impersonate trusted figures and issue false threats to pressure victims into compliance.

Consequences of cyber extortion

Cyber extortion can have far-reaching impacts, including:

  • Financial and operational damage: Victims may face direct financial losses, as well as indirect losses from business disruption, system downtime, or data recovery costs.
  • Exposure of sensitive information: Data stolen by attackers can be leaked or sold, often via leak sites run by ransomware groups or dark web marketplaces. This can lead to privacy violations and the loss of proprietary information. If stolen data includes personal, financial, or account information, it may also be reused in secondary scams (follow-up attacks), such as phishing or identity theft.
  • Legal and regulatory consequences: Organizations that fail to adequately protect personal or sensitive data may face fines, legal liability, or regulatory scrutiny.
  • Reputational harm and trust erosion: Organizations that become victims of cyber extortion may lose the trust of customers, partners, and stakeholders, damaging their long-term brand reputation.
  • Increased future targeting: Paying a ransom or meeting attackers’ demands doesn’t guarantee relief. In fact, it could make a victim an attractive target for future attacks, as it signals that they are able and willing to comply.

Where does cyber extortion happen?

Cyber extortion can occur across a variety of digital platforms and systems, including:

  • Email and messaging platforms: Attackers often use phishing to gain initial access or obtain sensitive information. For example, they may share malicious links or attachments to infect victims’ devices with ransomware.
  • Compromised networks and endpoints: Personal computers, corporate networks, or devices can be accessed without authorization to steal data, encrypt files, or monitor sensitive activity. This can occur through malware, stolen credentials, or exposed remote access services, such as remote management tools.
  • Cloud accounts and Software-as-a-Service (SaaS) tools: Cloud storage, file-sharing services, or collaboration tools may contain sensitive business or personal information that attackers seek to leverage.
  • Social media and dating platforms: These are places where people share personal details and connect with others, making it easier for cybercriminals to build trust with potential victims to obtain sensitive information.
  • Public-facing websites and APIs: These are often targeted in DDoS extortion attacks because disrupting them can quickly impact business operations, customer access, or revenue.

FAQ

Is cyber extortion the same as ransomware?

No, ransomware is one of the main tactics used in cyber extortion. However, cybercriminals also use other tactics, including data theft and leak threats, distributed denial-of-service (DDoS) extortion, sextortion, impersonation scams, double extortion, and triple extortion.

How do criminals get the information to threaten their victims?

Attackers typically use phishing, malware, or software vulnerabilities to gain access to sensitive data.

Should victims ever pay an extortion demand?

Paying is generally discouraged, as it may not stop the attack and can increase the risk of future targeting.