Skip Navigation

January 15, 2024 |

What is cyber extortion?

Loading table of contents...

It’s no secret that various forms of cybercrime continue to rise in frequency and severity. The severe financial harm that threat actors cause to small businesses, corporations, and institutions cannot be understated.

According to a trend report by Surfshark, cybercrime-related monetary losses have grown over 570x (from $2,000 per hour in 2001 to about $1.2 million losses per hour in 2022). The report estimates total cybercrime losses have reached a staggering $36.4 billion worldwide.

Threat actors are constantly exploring new strategies to steal money from their targets, and one of the most damaging is cyber extortion. We'll go over the fundamentals of cyber extortion, the most prevalent forms, and helpful tips for bolstering your defense against cyberattacks.

What is cyber extortion?

Criminals have used extortion for thousands of years to bribe, blackmail, or manipulate people and institutions. Now, cybercriminals have learned how to use this age-old practice in the digital realm.

In short, cyber extortion involves an attack on an organization to acquire private data, freeze up networks, or halt operations altogether. After successfully gaining entry to the target digital infrastructure, threat actors will attempt to coerce the organization into paying a sum of money to, most often, prevent the release of sensitive data. 

The influence of cryptocurrency

In most cases, cybercriminals will request payment in the form of cryptocurrency. It's often argued that the rise in cyber extortion or other cybercrimes is largely due to the development of cryptocurrencies, which makes it easier than ever for threat actors to conceal their origins, intentions, and identities. 

After all, cash ransoms require a physical exchange that could be surveilled and tracked, while conventional electronic currency transfers are equally susceptible to investigation.

How does cyber extortion work?

Cyber extortion is essentially no different from mob-style extortion. In the early 1920s, infamous mobster Bugsy Siegel created a protection racket in the Lower East Side of Manhattan where he and his associates threatened to burn down the carts of any vendor who refused to pay protection money. 

But instead of threatening to burn down physical storefronts or assaulting shopkeepers, cybercriminals rely on the threat of disrupting business operations through seizing control of networks or releasing private data as the primary means to extort their targets.

Sometimes cyber extortion takes the form of blackmail, where the victim feels compelled to pay threat actors a sum of money in exchange for returning or deleting private information that could cause irreparable harm to a person or an organization. Other times, threat actors will successfully infiltrate an organization’s network and refuse to relinquish control until a ransom is paid.

Types of cyber extortion

Understanding the fundamentals of the strategies cybercriminals rely on is the first step to preparing your organization for cyberattacks. Here are the three main types of cyber extortion that organizations often encounter.


Ransomware is a type of malware designed to infect an organization’s network and encrypt all critical data found. Once the victim is blocked from accessing key files and devices, the threat actors responsible for the attack will demand a ransom to have access reinstated. Payment is typically requested in the form of cryptocurrency to conceal the identities of the threat actors.

Ransomware may be deployed in several ways, but according to the European Union Agency for Cybersecurity or ENISA, the use of phishing emails is by far the most common tactic. With this approach, cybercriminals will impersonate a trusted entity, such as an insurance company or a bank, and encourage the target to open the attachment within an email. 

Once opened, the attachment will deploy the malware onto the victim's device. According to the Cybersecurity and Infrastructure Security Agency, 80% of organizations assessed had at least one employee who erroneously opened a phishing email. 

Ransomware can also end up on a device by downloading files from malicious websites.

DDoS attacks

Cyber extortion may also occur as a result of a successful DDoS attack. A distributed denial-of-service attack seeks to overwhelm an organization’s server or website resources, often by simulating an unusually high volume of seemingly legitimate web traffic.

As the target is flooded with botnet connection requests, it becomes impossible for customers or employees to connect to the server. For many organizations, especially those in e-commerce that rely on website accessibility and availability to make sales, any disruption can be quite costly.

Next, threat actors will demand a sum of money to bring the attack to a halt. Cybercriminals may also simply attempt to threaten to perform a DDoS attack unless the victim pays a ransom.

While it may be tempting for some organizations and businesses to simply pay the attackers to quickly have services restored, there’s no guarantee that payment will prevent future cyber extortion attempts.


Another common method cybercriminals use to extort victims is the threat of doxxing. With this approach, attackers advise the target to pay a ransom to prevent the release of sensitive personal data, proprietary company information, or private correspondence.

This is what happened to Domino's Pizza in June of 2014 when a group of cybercriminals who call themselves Rex Mundi managed to acquire the private records of 650,000 customers. The group then threatened to publish the data online unless Domino's paid a ransom of some €30,000. Domino's refused.

Another example of doxxing occurred in 2017 when a network of hackers stole 1.5 terabytes of data, including scripts and unseen episodes of the show Game of Thrones. The cybercriminals then demanded a ransom payment, in the form of crypto, of $6 million to prevent the information from being leaked to the public.

Recent examples of cyber extortion

Threat actors don’t always target businesses, governments, or financial institutions with their extortion attempts. Cybercriminals will seek out and exploit vulnerabilities wherever they are found. This includes schools, which serve as depositories for huge amounts of data.

Unfortunately, the problem is only getting worse. According to the law firm Reynolds Porter Chamberlain, the number of cyber extortion incidents reported in the U.K. alone increased 39% between 2021 and 2022.

To get a greater sense of how cyber extortion works, let’s explore a few recent incidents.

Minneapolis School District data breach

In February of 2023, the entire Minneapolis Public School District suffered a massive data breach of private student data, including driver's licenses and Social Security numbers.

After refusing to pay the $1 million ransom requested, the attackers released the private information, including medical files, of some 1,900 students.

According to the K-12 Cybersecurity Resource Center, the number of cyberattacks on school districts in 2020 broke all previous records, citing 408 separate incidents that year alone.

Travelex ransomware attack

Another cyber extortion plot took place in 2019 on New Year’s Eve when foreign exchange giant Travelex became the target of a ransomware attack. The hacker group responsible for the attack apparently managed to access Travelex networks months before and claimed to have acquired a large amount of private customer information in the process.

Travelex was asked to pay $6 million to restore access to the data with the threat of doubling the ransom if it wasn't paid within two days.

The two-day deadline was not arbitrary. The General Data Protection Regulation or GDPR is the body that governs privacy laws in the European Union and can levy heavy fines against companies that do not report cyberattacks within 72 hours.

The threat to double the requested ransom payment within 48 hours appears to have been an attempt by the hacker group to leverage these fines as an incentive to pay the ransom quickly. Eventually, Travelex complied with the demands and agreed to pay a sum to the hackers in crypto amounting to $2.3 million.

Large-scale DDoS attack against Google, Amazon, and Cloudflare

In August of 2023, the largest DDoS attack to date was launched against industry powerhouses Google, Amazon, and Cloudflare. According to Google, this particular DDoS attack was 7.5 times larger than anything seen before.

While disruptive, the attack was ultimately unsuccessful as the companies targeted were able to rapidly respond to the attack and put the necessary prevention measures in place. Although no ransom demands were disclosed, this case demonstrates how even the largest organizations are not immune to the disruptive actions of threat actors.

Unfortunately, not all victims make it out of a DDoS attack unscathed. In 2017, a web hosting company called Nayana gave in to cybercriminal ransom demands and paid $1 million to stop an in-progress DDoS attack.

Tips for defending against cyber extortion

The increasing sophistication and scale of modern cyber extortion is a threat to organizations in virtually every industry. However, taking just a few steps to understand, identify, and mitigate cyberattacks can go a long way to limiting their destructive impact.

Here are a few simple yet effective tips for bolstering your organization's defense against various forms of cyber extortion.

1. Educate employees on phishing emails and other vulnerabilities

The first and most important line of defense against cyber extortion is your workforce. Considering an estimated 90% of cyberattacks start with some form of phishing, it’s critical to ensure your employees understand the dangers of opening suspicious attachments in emails or visiting dubious websites. 

In addition, it’s important to provide employees with continuing education regarding new threats as they arise, including known software vulnerabilities cybercriminals are currently exploiting.

2. Develop a comprehensive response plan for cyberattacks

A response plan will drastically improve your chances of thwarting or quickly recovering from a cyberattack. While you can create a cyberattack response plan from scratch, it's often easier to receive guidance and recommendations from experts familiar with detecting, responding to, and recovering from cyberattacks. Field Effect's Incident Response Preparedness Service provides just that.

In short, the fundamentals of an effective cyberattack response plan should include preparation, detection of suspicious activity, containment, recovery, and a post-incident review to learn from the attack.

3. Create multiple backups of sensitive data

Cyber extortion doesn’t always involve the threat of publicizing confidential data–sometimes it’s more about restricting access to or deleting the data. This is why creating backups of critical data is a good idea. To ensure the safety of these backups, create multiple copies of data kept in several locations (preferably offline to prevent unauthorized intrusions).

You should also perform occasional tests on backups to ensure the data is complete and the restoration of files runs smoothly.

4. Encourage strong passwords and multi-factor identification use

Employees should also be encouraged to change their passwords often and create strong passwords that contain letters, numbers, and symbols.

In addition, multi-factor authentication should be utilized to verify the identities of all employees with access to sensitive data or networks. Multi-factor authentication will ensure that even if passwords and usernames are stolen, threat actors will not be able to access network resources.

5. Implement a robust cybersecurity solution

Finally, you can further prevent cyberattacks by finding the right managed cybersecurity solution to meet your organization's needs.

Employing the support of experienced cybersecurity professionals will provide your company with complete defense against a wide range of today’s most dangerous digital threats, reducing your exposure to cyber extortion, ransomware, DDoS attacks, and more.

How Field Effect can help

At Field Effect, we have the complete cybersecurity solution your organization needs to stay resilient. With the help of Covalence's comprehensive threat monitoring, detection, and response functionality, you can ensure your organization remains prepared and capable of handling cyber extortion situations.

Download our free eBook about choosing the right cybersecurity solution to learn more.