Security Experts:

Connect with us

Hi, what are you looking for?



The Rise of Cyber Extortion

Cyber Extortion

Cyber Extortion

In 1824, the Duke of Wellington received a letter from a publisher threatening to publish a memoir by his former mistress. The publisher offered to keep the Duke out of the book if he received a sum of money. The Duke reportedly sent the letter back with “Publish and be damned” scrawled on the back.

Fast forward hundreds of years later, extortion not only exists but is thriving. In fact, it has bled over to the digital world.

Over the last couple of years, cyber extortions have revolved around the most valuable aspect of the digital age – data. The first case of cyber extortion, as reported by Thomas Whiteside in his book Computer Capers, occurred in 1971 when two reels of magnetic tape belonging to a branch of the Bank of America were stolen at Los Angeles International Airport. The thieves demanded money for their return, but the ransom was not paid because tape backup was available.

But things have escalated since.

Cyber extortions have taken on multiple forms, all focused on data – encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data:

Ransomware – As the name suggests, ransomware is a type of malware propagated via the traditional means – phishing emails, website drivebys, malvertising. Once the victim’s device is infected, the ransomware begins to encrypt private files the data, before popping up a message demanding a ransom in exchange for the encryption key. Adevastating case of ransomware was Cryptolocker where the attackers demanded payment of $300 in Bitcoins within three days to not only decrypt the files, but to prevent them from being destroyed forever.

Denial-of-service attacks – A denial-of-service attack is when an organization’s website or online business is flooded by so much traffic that legitimate users are denied access. In an extortion situation, the cyber extortionists demand money to stop the DDoS. These attacks can be difficult to stop and impacts financial revenue. Many tech startups are reportedly targets because many do not have the infrastructure to defend against them. Meetup, Basecamp,, Shutterstock and MailChimp have all been targeted.

Holding sensitive data hostage – Stealing data and threatening exposure is nothing new. In 2007, Nokia paid millions of euros to ensure that an encryption key for their Symbian OS would not be released to the public. In June 2014, a cyber extortionist group called Rex Mundi claimed it had customer records for 650,000 European Domino’s Pizza customers. Rex Mundi threatened to release those records if the company didn’t pay a ransom of about $41,000. In January 2015, the same group demanded a ransom from a bank in exchange for nothing releasing 30,000 emails with sensitive data if the bank didn’t pay a ransom. Neither victim paid.

Holding AWS accounts hostage – In June of last year, an attacker took over Code Spaces’ AWS administrative panel, and offered to return controls for a price. When the company refused, the attacker began to delete data, backups and configurations, putting Code Spaces out of business. The same pattern of attack occurred with Websolr and Bonsai, two search application infrastructure services provided by One More Cloud LLC, but they managed to recover.

One of the reasons these attacks have grown exponentially is because of the availability of digital currency. Instead of having to deal with physical cash and paper trails, extortionists now benefit from anonymized digital transactions with Bitcoin. Anyone can set up a Bitcoin wallet address without any financial oversight, which means any cyber extortionist can carry out an attack and extract payment.

Is there anything that can be done to prevent cyber extortion? Quite simply, identify and categorize your data. Spend your efforts protecting the most critical data. The easiest way to do this is by moving your data to the cloud. Why? Because when your data is in a corporate approved cloud storage application, you’ll know exactly where it is versus being distributed across multiple endpoints, personal email accounts and internal servers in data centers. The combination of security from your cloud application vendor, and a cloud access security broker probably delivers better security than most organizations can for their internal data center.

As long as companies continue to pay ransoms when attacked, we should expect cyber extortion to continue in 2015.

Related:30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...