CYBER EXTORTION: Definition, Coverages, and Examples

Cyber extortion
Image Source: TechRepublic

The FBI received about 847,376 reports of cyber extortion in 2021. The number keeps rising at an incredible rate on a daily basis. Most companies and even individuals are victims of cyber extortion, and these guys are still bent on taking advantage of people. To avoid being a victim necessitates premium measures to avoid being a victim. Once these criminals capture your data or website, the next step is to ruin your data system or demand a ransom. Some firms are being compelled to pay very huge sums of money to regain access to their resources as attacks and payments both rise. We’ll discuss how cyber extortion works, reporting it if you’re a victim, as well as the measures you can use as coverage to protect your company from these con artists.

What is Cyber Extortion

When a hacker acquires illegal access to your company’s sensitive data or computer systems, cyber extortion happens when they demand money in return for letting you regain control of the situation or stop the attack. For instance, if a hacker attacks your e-commerce website with a distributed denial-of-service (DDoS) attack, customers may be unable to purchase your products or services until you pay the demanded ransom.

How Does Online Extortion Operate?

Cyber extortion refers to any attack that the attacker promises to end until you pay them money. In many instances, the hacker will begin the attack before getting in touch with you and requesting money. After you give them the money, they might stop attacking or hand over control of your system. Sadly, some attackers break their promises. This shows that an organization might not get the results it wants even after paying money.

When demanding money online, cybercriminals frequently provide advice on how to do so. This often involves obtaining a bitcoin wallet to send the money to, which offers the hacker a few advantages. Bitcoin transactions are not only quite rapid and easy, but they also protect the participants’ identities, making it incredibly difficult for law enforcement authorities to track down the attacker.

How to Recognize Online Scams

If you know how to see the warning signs, you can avoid being a victim of cyber extortion. For instance, beware of fraudulent, unlawful websites masquerading as legitimate sources. Attackers use these to force users to give sensitive information such as login passwords.

Another method by which cyber extortion can begin is with an email that appears to be from a trustworthy source and makes a cash offer in exchange for anything you do, such as assisting with a wire transfer. Any email that requests money from you should be viewed as a red flag for a scam that could lead to cyber extortion.

How to Stop Cyber-Extortion at Your Company

Here are 12 precautions you can take to safeguard your company online from extortion and prevent having to make significant financial outlays, as in the case of recent cyberattacks:

#1. Create a copy of your files and data

Even if you have a ransomware attack, you may still access the files and data you need to continue running your business if you have a backup that is simple to get to.

#2. Have a deep understanding of the information needed by your business to run

Knowing the information that is essential to the operation of your business will give you a clearer idea of the assets you need to protect.

#3. Use firewalls and antivirus software

These cybersecurity measures shield against malware that hackers use to launch ransomware assaults on your computer.

#4. Conduct thorough background checks on all of your employees

An applicant’s criminal history, particularly if it involves cybercrime, may be grounds for alarm.

#5. Teach your staff members about phishing and how to avoid it

Be careful to bring up spear and whale phishing, as well as phishing. While spear phishing targets specific people or groups of employees, whale phishing targets those in positions of influence. When hackers try to deceive victims into divulging sensitive information, it’s phishing.

#6. Your company’s defense against DDoS attacks

It is simple to carry out a DDoS attack, especially if the attacker uses a botnet, which is a network of computers that transmits phony requests.

#7. Establish a breach management plan

Everyone who potentially is impacted must be involved in the mitigation of data breaches. Additionally, do routine drills, tabletop exercises, and training sessions to ensure all of your staff is prepared and competent.

#8. Employ contemporary tools

Update your program whenever a security patch is made available.

#9. Utilize intrusion detection systems

Your intrusion detection solution should have prompt notifications that are sent to all pertinent parties.

#10. Implement a least privilege requirements-based authentication system:

If a worker does not need to have access to a particular section of your network, they shouldn’t be given access to it.

#11. Invest in cyber insurance

A cyber extortion insurance policy can shield your company from the financial ramifications that generally follow a cyber attack.

#12. Utilize state-of-the-art cybersecurity technology

In order for enterprises to always have access to the most recent threat intelligence, this should include a technology that gathers data from a threat intelligence network, such as FortiGuard Labs.

Cyber Extortion Examples

Here are a few recent examples of cyberattacks that had an international impact.

#1. A Kaseya Ransomware attack

A supply chain attack against the US-based remote management software provider Kaseya was made public on July 2, 2021. The company disclosed that attackers may use its VSA technology to install ransomware on consumer machines.

The attack was carried out by the cybercriminal group REvil, which has its headquarters in Russia. The business estimates that less than 0.1% of Kaseya’s clients were affected; however, some of these clients were managed service providers (MSP), who used Kaseya software, and their clients were also affected.

#2. SolarWinds Supply Chain Attack

In honor of its Austin-based victim, an IT management company, this massive, incredibly inventive supply chain attack was given the moniker SolarWinds when it was first identified in December 2020. It was carried out by APT 29, a group with ties to the Russian government that frequently engages in cybercrime.

The attack affected a SolarWinds software upgrade for the Orion platform. During the hack, threat actors infected Orion’s updates with malware that later went by the names Sunburst or Solorigate ransomware. The modifications were then made available to SolarWinds’ clients.

The SolarWinds attack is regarded as one of the most serious cyber espionage attacks on the US because it successfully compromised the US military, numerous US-based federal agencies, including those in charge of nuclear weapons, critical infrastructure services, and the majority of Fortune 500 companies.

#3. Amazon DDoS Attack

In February 2020, Amazon Web Services (AWS) was the target of a serious distributed denial of service (DDoS) attack. The organization experienced and countered a 2.3 Tbps (terabits per second) DDoS attack with a request rate per second (rps) of 694,201 and a packet forwarding rate of 293.1 Mpps. One of the largest DDoS attacks ever is thought to have occurred.

#4. Microsoft Exchange Remote Code Execution Attack

In March 2021, a sizable cyberattack was launched against Microsoft Exchange, a well-known enterprise email service. It makes use of four different Microsoft Exchange server zero-day vulnerabilities.

These holes allow for the creation of phony untrusted URLs by hackers, who can then use them to get access to an Exchange Server system and provide malware with a server-side storage route. Attackers can access a server’s entire system and all of its data thanks to a Remote Code Execution (RCE) assault. Attackers put backdoors on the targeted systems, stole sensitive information, and did all of this in an almost undetectable way.

#5. Twitter Celebrities Attack

In July 2020, three attackers gained access to Twitter and took control of well-known Twitter accounts. They used social engineering techniques to get access to the company’s internal management systems and collect employee passwords, which were later classified as phishing efforts by Twitter (phone phishing).

What is the common form of cyber extortion?

Cybercriminals most frequently use ransomware as a means of extortion to demand money.

Reporting Cyber Extortion

Every year, millions of people are duped by scammers using software or internet services. These con artists trick their victims into sending money or disclosing private information. As a result, it’s crucial to take safety steps and report internet fraud if you’ve been a victim. Reporting any type of cyber extortion is usually the best measure against these con artists. Anyway, we’ll highlight some of the ways cyber extortion tricks occur, so you’ll address the situation effectively if you’re a victim.

Reporting Channels For Cyber Extortion

Knowing the appropriate security personnel to report to, is the first step to reporting any cyber extortion. If you believe you are a victim of internet fraud or another type of cybercrime, report it to the Internet Crime Complaint Center (IC3). Additionally, you can provide tips via the FBI website.

Your complaint will be forwarded to local, national, state, or international law enforcement. You should also contact the company that issues your credit card. Inform them if you are disputing unauthorized purchases or think your credit card number has been stolen.

Any alleged online crimes should be reported to the following government organizations:

#1. Internet Crime Complaint Center (IC3)

accepts accusations of a crime involving the internet. IC3 notifies local, state, federal, or international law enforcement on complaints it receives. In addition to registering a complaint with IC3, get in touch with your credit card provider. Tell them if you think your credit card information has been stolen, if there have been any unauthorized charges, or otherwise.

#2. The Federal Trade Commission (FTC)

Consumer complaints and online scams are reported to all tiers of the legal system. The FTC cannot resolve specific complaints, but it can provide you with recommendations on how to proceed.


It accepts complaints about online shopping and doing business with foreign companies.

#4. The Department of Justice (DOJ)

can help you report online or intellectual property crimes to the appropriate authorities.

Do You Know the Various Forms of Internet Fraud?

Online fraud’s most prevalent forms include:

  1. Phishing, or spoofing, is the practice of stealing identities using fake emails, texts, or websites. Alternately, it can be used to obtain sensitive data such as passwords for accounts, credit card numbers, bank account numbers, debit card PINs, and more.
  2. Private information, such as financial or personal details, maybe accidentally accessed, leaked, or posted from a protected location, resulting in data breaches. It is possible to utilize this information for financial crime and identity theft.
  3. Malware is software that is destructive and designed to destroy computers and computer systems.
  4. Internet auction fraud is the misrepresentation of items on an online auction site. Or it could occur if an online retailer fails to provide a customer with the items as promised.
  5. Credit card fraud is when con artists gain access to credit or debit card numbers fraudulently in order to obtain money or property.

Cyber Extortion Coverage

Some insurance policies include an insurance contract called “Cyber extortion coverage” to cover claims related to data breaches. While some firms refer to it as “cyber and privacy insurance,” others call it “information security and privacy insurance,” or”cybersecurity insurance.” Whichever of these you hear, it simply refers to your cyber extortion coverage.

This insurance plan provides coverage for the expenses related to a cyber extortion incident, such as when an insured receives an email warning that their website will be compromised until they pay a $10 million ransom. The expenses protected by this insurance contract are

  • Resources used to satisfy extortion demands,
  • The price of engaging computer security specialists to thwart extortion attempts in the future, and
  • The expenses related to negotiating or dealing with cyber extortionists.

Some insurers do not provide cyber extortion coverage due to the similar level of protection offered by abduction and ransom insurance policies (also known as “e-commerce extortion coverage”). Cyber extortion coverage is subject to an annual aggregate limit and an annual aggregate deductible, just like other cyber and privacy insurance policies.

What to do if someone is extorting you online?

Reporting cyber extortion is something everyone facing such issues must do. As soon as you receive any blackmail email or notification, inform the relevant authorities. Keep in mind that it is doubtful that you will be able to satisfy the blackmailer’s demands. Avoid confronting the person (online or in person), and immediately stop communicating with them.

What is a cyber extortion threat?

Cybercriminals generally use threats to engage in hostile conduct against a victim to extract money from individuals and businesses.

Is cyber extortion the same as ransomware?

Malicious software called ransomware, often known as cyber extortion, can shut down computer systems.

What is digital blackmail?

Digital extortion is the practice of requiring a person or company to pay in exchange for regaining access to stolen computer assets.

Can someone use email as a vehicle for extortion?

Of course, that’s the primary source of cybercrime. These criminals threaten businesses via email and individuals. For instance, they may send a message to a business, stating that if they do not receive a particular sum of money, they’ll reveal confidential information, exploit a security flaw, or launch an attack that will compromise the company’s network.


With the advancement in technology, cyber extortion is on the rise, however, irrespective of what those criminals threaten to do, reporting to the relevant authorities is the right thing to do.

Cyber Extortion FAQs

What are 5 cyber crimes?

  • Website Spoofing.
  • Phishing Scams.
  • Malware.
  • Ransomware.
  • IoT Hacking.

What is the punishment for cybercrime?

A conviction for specific cybercrimes might result in incarceration for the offender. This means the offender may face a term jail or prison sentence.

  2. Remote Work Security Threats: What Do You Need to Know
  3. Eccentric Security Issues of Blockchain in 2022(Opens in a new browser tab)
  4. Security Risks and Concerns Regarding Bitcoin


Leave a Reply

Your email address will not be published.

You May Also Like