Cyber-Extortion: The Multi-Million Dollar Criminal Act You Don’t Hear About

You’ve heard of viruses, malware, and all the other threats running rampant out there, but what about cyber-extortion?

The Multi-Million Dollar Criminal Act You Don’t Hear About

You’ve heard of viruses, malware, and all the other threats running rampant out there, but what about cyber-extortion?

There’s a lot of traditional types of cybercrime out there – from drive-by downloads to phishing attacks and everything in between. You hear about these types of cybercrime on the news all the time – and for a good reason. As time goes on and technology advances, cybercriminals are finding new, more sophisticated ways to steal personally identifiable information, drain bank accounts, and render systems useless. But there’s one lesser-known, multi-million dollar criminal act that’s coming back – largely unheard of and ignored in the news.

Cyber extortion: the act of making threats to demand payment instead of stealing it

Over the past couple of years, cyber extortion has made a huge comeback with state and local governments, healthcare agencies, and law enforcement agencies falling victim around the world. Essentially, hackers make threats to demand payment instead of stealing it. This can involve:

  • Threatening to use some form of malicious activity against a victim
  • Threatening to release some form of private information belonging to the victim

You may have heard of sextortion scams happening in the past couple of years. This falls under the category of cyber extortion. Hackers send an email to multiple targets asking them to pay a specific fee or face the embarrassment of having video footage of them viewing adult content leaked for everyone to see. In many cases, the threats referenced “proof of compromise” in the form of their login credentials for an account found on the dark web.

But here’s the thing: if you’ve ever had an account compromised, even an application you don’t often use or something similar, those login credentials are likely on the dark web somewhere. Victims often get worried when the hacker brings this information to their attention, but it’s likely not a sign of your system being compromised. You simply need to change your login credentials for any accounts using them.

How does cyber extortion differ from other forms of attack, such as ransomware?

Although similar, cyber extortion differs from other forms of attack as the hacker is merely making a threat rather than launching an attack. In the case of ransomware, the hacker has already found a way to compromise your system and encrypt your data before requesting payment. In the case of cyber extortion, the hacker hasn’t found a way to compromise your system, but instead, tries to trick you into paying with threats.

Our recommendations for staying safe

Although cyber extortion typically doesn’t involve any actual stolen data or compromised systems, there is always a risk that hackers will find a way to follow through with their threats. It’s best to remain vigilant and take proper precautions:

  1. Invest in dark web monitoring wherein you can keep track of any stolen information or login credentials posted to the dark web.
  2. Train employees to recognize extortion and make sure they’re aware of the importance of protecting sensitive information.
  3. Safeguard your sensitive data with antivirus software, firewalls, two-factor authentication, and backups in the event of theft or loss.
  4. Use webcam covers on computers as it’ll help give employees peace of mind knowing there’s no chance of hackers recording videos.
  5. Follow the practice of least privilege and only give employees access to the data and systems they need to do their jobs.
  6. Use complex, hard-to-guess passwords and make sure a unique password is used for every account.

Need assistance staying safe against cyber extortion and other threats running rampant? Get in touch with us via the chatbox.

Like this article? Keep reading…

Ransomware Protection

Tip of the Week: Spot a Hacker By Investigating Their IP Address

Protect Yourself From Email Attacks By Knowing What to Look For