Cyber extortion is fast becoming a lucrative industry for cyber criminals. In this post, we’ll discuss what cyber extortion is, its forms, some real-life examples, and what can be done to prevent falling prey to cyber extortion.
Cyber extortion is when a cyber attacker demands money or something else in return for stopping the attack or returning access to your systems/data. Cyber extortionists first gain access to a computer, software, or network, usually through ransomware or distributed denial-of-service (DDoS) attacks.
In a ransomware attack, the attacker tricks the victim (say, a company employee) into clicking a link or pop-up ad, opening a corrupted file sent through email, or visiting a website. Such actions “activate” the ransomware, which spreads and infects the company’s site, computers, or the entire network.
Ransomware encrypts servers and data, making them inaccessible. To regain access, the victim must give in to the attacker's demands. Attackers typically demand around $200 to $1,000. According to the Center for Internet Security, ransomware attacks have been the leading type of cyber extortion since August 2015.
In DDoS attacks, attackers deploy a network of infected computer systems to send a flood of internet traffic that can cripple a website, server, or system. DDoS attacks are like a traffic jam. Attackers might only stop their DDoS attack after the victim pays up. Sometimes, attackers first send a warning of the DDoS attack and then demand payment to not continue the attack.
Other cyber extortion cases happen through email. The victims are told that their personal information will be exposed if they don’t pay a ransom within a tight deadline. Payments typically range from $250 to $1,200 in bitcoin or other currency.
For all forms of cyber extortion, bitcoin is the most common form of ransom demanded as it’s widely believed to be an untraceable method of payment. However, it may not be as anonymous as attackers believe.
Some undesired outcomes of cyber extortion include data breaches, business interruption, damage to the company's reputation, loss of customers, and financial losses.
In a data breach, attackers may threaten to expose stolen data unless the company pays up. If the company can’t meet the demand, it risks losing confidential corporate data. If the breach involves sensitive customer data, the company may be held liable in court and incur heavy penalties from regulatory bodies implementing cyber extortion laws.
Customers who have had their data breached may also lose trust in the company and move on to competitors. In some instances, customers simply move on if they can't access the company's website, products, or services.
Here are recent cases of cyber extortion.
Cyber extortion will remain a constant threat as long as cybercriminals find it lucrative. Here are a few tips to avoid being a victim:
If you do happen to get hit with a cyber extortion attack, having a cyber insurance policy with cyber extortion coverage to deal with the expenses will help protect you from the financial burden. Zeguro Cyber Insurance covers cyber extortion as well as data recreation, loss of business, and crisis management as a result of computer attacks. You can get a quote within minutes here.
There’s no right or wrong answer here. If you ask the FBI, the Bureau discourages the payout of extortion money. Some ransomware victims never get the decryption keys after the payout. Some are re-targeted, while others face demands for an extra amount.
There’s also the perspective that paying the cyber extortionists incentivizes further criminal activity. Then again, companies need to weigh whether not paying the extortion money is worth the negative impact on business and human lives.
Companies of all sizes are targets of cyber extortion. What companies can do is make things harder for cyber extortionists by protecting their businesses with robust cybersecurity measures and having cyber insurance in place so they have a safety net. Zeguro’s Cyber Safety solution offers a suite of cybersecurity tools, including employee security training, web app security scanning, and security policy management. Sign up for a free trial to start protecting your business against cyber extortion and other threats today.