These days, most businesses have an online presence and use the internet for many of their daily transactions, communication with customers and other third parties. Unfortunately, online criminals are well aware of that and will exploit any system and network vulnerabilities they find for nefarious purposes.
What is cyber extortion?
Cyber extortion is a form of online blackmail that can include intimidation and threats, usually for financial gain.
Cyber extortion is also sometimes known as online extortion. It is essentially a criminal act in which digital technology and the internet are used to threaten, intimidate or blackmail an individual or business for financial gain or other benefits.
Is cyber extortion the same as ransomware?
Although cyber extortion and ransomware are related concepts, they are not exactly the same.
Ransomware
A ransomware attack involves the use of malicious software to encrypt a victim’s data or lock them out of their systems and can be launched against businesses, individuals, and even government organisations.
The cyber criminals typically demand a ransom payment from the victim in exchange for providing the decryption key or unlocking the system. If the payment is not made within a specified timeframe, the criminals will permanently delete the data or make it public knowledge.
Cyber extortion
The term cyber extortion is typically used to encompass a range of threats and actions in which cyber criminals try to obtain money, services or other valuables from their victims through coercion.
So, ransomware is a form of cyber extortion, along with threats of data breaches, Distributed Denial-Of-Service (DDoS) attacks, leaking of sensitive information or exposing other system or network vulnerabilities unless the criminals’ demands are met.
What are the most common types of cyber extortion?
There are several common types of cyber extortion, including the following:
Threatening communication
This form of cyber extortion involves the criminal sending threatening emails, messages or other forms of digital communication to their victim.
These threats usually include exposing sensitive or embarrassing information about an individual or business, launching a cyber attack, disseminating harmful content or damaging the victim’s reputation.
Demands for payment or action
Once the extortionist has conveyed their threat, they demand payment, usually in the form of cryptocurrency like Bitcoin or by taking specific actions, such as transferring funds or providing confidential information.
Consequences of non-compliance
To coerce their victim into complying with their demands, the extortionist typically warns of severe consequences if their demands are not met.
Such consequences might include the release of confidential data, carrying out a Distributed Denial-of-Service (DDoS) attack on the victim’s website, or some other action that could cause harm to the targeted business or individual.
Payment and escalation
If the victim yields to the cyber extortionist’s pressure and pays the ransom, the perpetrator might choose to disappear, or they could continue to extort the victim repeatedly.
How can cyber extortion affect a business?
Cyber extortion can have significant and damaging effects on a business.
Financial loss – One of the most direct impacts of a cyber extortion attack is financial loss. Extortionists typically demand payments in cryptocurrency or some other difficult-to-trace form, and failing to comply with their demands can result in significant financial consequences for the targeted business.
Damage to reputation – In cases where the extortionist threatens to release sensitive data or intellectual property, a business’s reputation can suffer if that information becomes public. That erodes customer trust, damages the company’s brand image and can lead to loss of business.
Operational disruption – Cyber extortionists often use DDoS attacks to disrupt a company’s online services, rendering them temporarily or even permanently unavailable, which can lead to revenue loss and customer dissatisfaction.
Legal and regulatory consequences – Depending on the industry sector in which your business operates and the nature of the extortion, your company could face legal and regulatory repercussions, leading to fines and lawsuits.
Intellectual property loss – Sometimes, cyber extortionists target an organisation’s intellectual property, including trade secrets, patents or proprietary information. Losing control of such assets can have negative effects on your business’s competitiveness that often extend into the long-term.
Business continuity – If the cyber extortion attack is severe, it could disrupt your normal business operations to the extent that recovery is challenging and could even lead to the closure of your business temporarily or permanently.
Increased security costs – Following a cyber extortion attack, your business might need to invest more money in cyber security measures to prevent future attacks, placing additional strain on your company budget.
Loss of customer confidence – If your business falls victim to a cyber extortion attack, your customers could lose confidence in your company, fearing that their personal information might be compromised.
Supply chain impact – A cyber extortion attack often extends beyond the targeted business to its partners and suppliers, creating a cascading effect which disrupts the entire supply chain and causes further damage.
Which businesses are the most vulnerable to cyber extortion?
Certain types of businesses are historically more vulnerable to cyber extortion because of the nature of their operations and the potential impacts of a successful cyber attack.
Businesses that are often victims of cyber extortion include:
- Healthcare organisations, such as hospitals.
- Financial institutions
- E-commerce and online retailers
- Educational institutions
- Small and medium-sized businesses and enterprises
- Government agencies
- Critical infrastructure providers, such as power grids, transportation networks and water supply systems
The costs and risks of cyber extortion
Cyber extortion presents several costs and risks that can be significant, including the following:
Increased cybersecurity costs
If your business is a victim of cyber extortion, you might find yourself having to invest heavily to improve your cyber security infrastructure to prevent future attacks.
Containment and recovery expenses
Responding effectively to a cyber extortion incident demands a quick response to contain the attack and recover the compromised systems, which can be time consuming and extremely costly.
Potential repeat attacks
Just because you paid the cyber extortionists’ ransom, there’s no guarantee the criminals won’t return for more money or continue to target your business, leaving you trapped in a cycle of paying repeated ransoms.
Does cyber insurance cover cyber extortion?
Cyber insurance policies often cover cyber extortion, although the specific coverage can vary, depending on the insurance company and the policy’s terms and conditions.
Generally, cyber extortion coverage helps to protect businesses against the financial expenses and losses incurred as a result of cybercriminals threatening to release sensitive information or blocking access to data or systems unless a ransom is paid.
To learn how we can protect your business from cyber extortion attacks, get in touch with our team today.