written by
Zack Calloway

Cyber Extortion: What Is It, and Is Your Business Protected?

Web Protection Email Protection Ransomware 3 min read
Have you updated to the latest version of Windows 11 yet? If not, it’s time to act – Microsoft has announced when it will end support for older versions (and it’s soon!).

Usually when people talk about digital threats to businesses, they focus on certain types of threats, like credential theft, ransomware, business email compromise, and malware. Those are all important threats that businesses need to defend against, but there’s another related type that doesn’t get enough coverage: cyber extortion.

What Is Cyber Extortion?

Cyber extortion is a malicious practice where criminals gain access to your organization’s data and then extort you with it, threatening to release it publicly or take some other action with it that will compromise your business or harm your reputation (or both). Usually this type of attack includes a request for ransom in exchange for not releasing your data or harming your organization.

How Is Cyber Extortion Different Than Ransomware?

Compromising your business and demanding a ransom — sounds an awful lot like ransomware attacks, right?

To be fair, plenty of people use the term ransomware attack to refer to a wide range of attacks, including cyber extortion. We’ve even done that on our blog before (whoops!).

But if we’re precise with the terminology, the two are different:

  • A ransomware attack affects systems and functionality, locking a business out of certain business functions or capabilities until they pay up.
  • A cyber extortion attack compromises data rather than functionality, locking a business out of its data and/or threatening to release that data unless they pay up.

Both of these are bad, of course. Both can deeply harm your business. But the ramifications are different.

What About Double Extortion?

You might also hear about something called double extortion. That’s when attackers start with a ransomware attack and then double down by adding on a cyber extortion attack.

Here’s a real-world illustration: one integrated security services firm was infiltrated by a cybercrime gang and locked them out of key systems — classic ransomware — demanding over $2 million to let them back in.

The security firm refused to pay, but then the hacker group doubled down: they released a chunk of the victim organization’s data online and threatened to publish the rest if the victim didn’t pay. Only now the ransom was even higher!

This kind of attack — first ransomware and then a cyber extortion attack — is what’s called double extortion.

The Good News: Cyber Extortion Is Harder to Do

There’s good news and bad news about cyber extortion. FIrst, the good news: it isn’t exactly easy to pull off. Ransomware attacks don’t have to be all that sophisticated — the bad guys just try the same things in lots of places until something works. But to graduate to a cyber extortion attack, the bad guys have to do more than bork your systems. They have to retrieve data, figure out what they can do with it, and then determine a release strategy. That’s just a lot more work.

The Bad News: Cyber Extortion Attacks Are Way, Way Up

Unfortunately, there are a lot more of these attacks happening this year. We said they are harder to do, but we didn't say impossible. One report posits that cyber extortion attacks are up 77% this year, with more than a thousand reported attacks in the first quarter of 2024.

How to Stay Safe

The best strategy for mitigating all of these types of attacks is to have robust, redundant backups of all crucial data and systems. If the bad guys lock you out of a database for which you have a perfectly functional backup, you’re not out anything other than the hassle of restoring from a backup. The bad guys get nothing (presuming they didn’t get into your backups!).

Other strategies are the same as for ransomware and other attacks: keep software and operating systems updated, and implement multi-factor authentication. Most importantly: work with a trusted IT partner who can help you bolster your digital security and form a response plan if you do get hit.

Need a partner who can do this? Reach out to our team today!

web protection Network Security disaster