Cyber Extortion: 12 Ways to Protect Your Business
Cyber Extortion Definition
Cyber extortion occurs when a hacker illegally accesses your organization's sensitive data or systems and then demands money in return for allowing you to either regain control or stop the attack. If you have an ecommerce site, for example, and a hacker launches a distributed denial-of-service (DDoS) attack, users may be unable to purchase your products or services—not until you pay the amount the hacker is asking for.
How Does Cyber Extortion Work?
Cyber extortion includes any kind of attack that the criminal says they will discontinue if you pay them money. In many cases, the hacker will initiate the attack and then send you a message demanding funds. After you pay the money, they may either stop the assault or relinquish control of your system.
Unfortunately, some attackers do not follow through on their promises. This means an organization may pay the money but not get the expected results.
When cyber criminals ask for money, they usually include directions on how to pay them. Often, this means receiving a cryptocurrency wallet to send the money to, which gives the hacker a few advantages. Not only is the exchange via crypto relatively fast and straightforward, but because cryptocurrency transactions keep the identities of the participants private, it is extremely difficult for authorities to track down the attacker.
Common Types of Cyber Extortion
Some of the more popular types of cyber extortion include ransomware, distributed denial-of-service (DDoS) attacks, and email-based extortion. While all of these fit the accepted cyber extortion meaning, any attack in which the hacker demands money would likewise be a form of cyber extortion.
One of the most common cyber extortion examples is ransomware. During a ransomware attack, a hacker breaches your network and hijacks your data, or other critical element of your network and demands that you pay them money, typically in cryptocurrency, before they allow you to access your digital assets again.
Another common form of cyber extortion involves a DDoS attack, in which a cyber extortionist sends a huge number of requests to your web server, giving it too many to handle. As a result, your website ceases to function properly to the point it can no longer serve legitimate visitors.
An unauthorized party has stolen files from a compromised computer (end-user or server) via cyber attack. The hacker demands payment for secure return of the data and/or guarantees that it will be removed from their repositories. This attack is also sometimes called “data kidnapping”.
Email-based Cyber Extortion
With email-based cyber extortion, the hacker sends you an email threatening to release private information over social media to family and friends unless you pay a ransom. In some cases, the criminal may be bluffing—they may not have anything embarrassing or disturbing to send. In other situations, they may have illegally obtained sensitive emails, text messages, pictures, or videos.
Real-life Cyber Extortion Examples
In 2015, the website Ashley Madison was hit by a cyber extortion attack. The hackers demanded that they shut down their site or they would release their customers’ private data. Ashley Madison refused to conform, resulting in customers' private information getting released.
In 2017, the TV show "Orange Is the New Black" was also hit by an attack. Cyber extortionists demanded $50,000 in exchange for not releasing some of the show’s episodes before their scheduled air date. The show's producer ended up paying, but the attackers leaked the episodes anyways.
How to Spot Cyber Extortion
Preventing cyber extortion is possible if you know how to spot the telltale signs. For example, keep an eye out for unauthorized, fake websites that look legitimate. Attackers use these to get users to enter personal information, such as login credentials.
A cyber extortion may also begin with a relatively innocent email offering you money in exchange for a specific action, such as assisting with a wire transfer. Any time you get an email offering you money, consider it a sign of a scam that could lead to cyber extortion.
12 Ways to Protect Your Business from Cyber Extortion
To safeguard your organization from cyber extortion and save yourself from having to pay huge sums of money, as recent cyber attacks, here are 12 things you can do:
1. Back-up files and data: With a backup that is readily available, even if you get hit with a ransomware attack, you still have access to the files and data you need to keep operations going smoothly.
2. Have a solid understanding of the data your business needs to operate: Knowing which data is essential to your organization's operations gives you a better idea of the assets you need to protect.
3. Use firewalls and anti-malware: These types of cybersecurity protections shield your system from malware that hackers use to execute ransomware attacks.
4. Perform background checks on all of your employees: If a potential employee has a criminal past, especially one involving digital fraud, this could be a red flag.
5. Educate all your employees on what phishing is and how to avoid it: Make sure to cover not just phishing, but also whale phishing and spear phishing. Phishing is when hackers attempt to fool victims into divulging sensitive information, whale phishing targets people in powerful positions, and spear phishing focuses on specific people or groups of employees.
6. Protect your organization from DDoS attacks: A DDoS attack is relatively easy to execute, especially if the attacker uses a botnet, which is a network of computers sending fake requests.
7. Have a breach management plan: Everyone who could be impacted by a data breach needs to be involved in the mitigation process. Also, perform periodic drills, training sessions, and tabletop exercises to make sure all of your employees are well-informed and prepared.
8. Use up-to-date tools: Update your software with security patches whenever they are available.
9. Use intrusion detection technology: Your intrusion detection solution should involve timely alerts that get sent to all the necessary stakeholders.
10. Implement an authentication system based on the principles of least privilege: If an employee does not need access to a particular segment of your network, they should not be able to access it.
11. Get cyber insurance: A cyber extortion insurance policy will help cushion your organization from the financial fallout that usually follows a cyber attack.
12. Implement the most recent cybersecurity technology: This should include a system that derives information from a threat intelligence network, such as FortiGuard Labs, so organizations always have the most recent threat data available at their fingertips.
How Fortinet Can Help
The Fortinet Security Fabric offers an effective, integrated set of tools that can protect your network from multiple angles. It includes Zero Trust Network Access (ZTNA) controls, threat intelligence, cloud security, secure networking, email threat protection, and anti-malware. In this way, the Fortinet Security Fabric enables you to protect your network from the different kinds of threats hackers use to launch an extortion attack.
What type of crime is cyber extortion?
Cyber extortion involves hackers working online to hold your data hostage or control your system until you send them a payment.
What is an example of cyber extortion?
A common example of cyber extortion is ransomware. During a ransomware attack, a hacker hijacks an element of your network and demands that you pay them money—typically in cryptocurrency—before they allow you to access your digital assets again.
How does cyber extortion work?
In a cyber extortion attack, a hacker either attacks your system, threatens to release private information, or takes control of some or all of your network. Then they demand money before they either stop the attack or return control to you.
What is cyber extortion?
Cyber extortion occurs when a hacker accesses or attacks your sensitive data or systems and then demands money in return for allowing you to either regain control or stop the attack.