When cybercriminals take over your data or website and demand ransom, you become a victim of cyber extortion. These types of attacks and the ransom payments they demand are on the rise, with some companies paying hundreds of thousands of dollars or more to regain access to their systems. We explain how cyber extortion works and what you can do to prevent it.
What is cyber extortion?
Cyber extortion occurs when a malicious actor hijacks your data, organization, or website and demands payment to return the information, programs, or site. These ransomware attacks are increasing, and so are their costs. Statista said the average ransom payment in the second quarter of 2023 was $740,000, compared to $328,000 in the first quarter.
This is perhaps not surprising given that by 2023, more than 72% of businesses worldwide had been affected by ransomware, according to Statista. Recovering from a ransomware attack is expensive, with bills reaching $165,520 for companies with revenues under $10 million, according to Sophos’ The State of Ransomware 2023 report.
Although the ransom amount cybercriminals demand from your business may depend on the size of your business, most companies today are at risk and need to protect themselves from ransomware attacks. In the case of cyber extortion, a business may not be able to operate until the threat is addressed.
This may mean paying criminals a lot to regain control of your systems. If you believe you do not have the financial means to pay the ransom, it is even more critical to avoid cyberextortion in the first place.
How does cyber extortion work?
Cyber extortion begins when a hijacker gains access to your computer systems. They look for weaknesses in your security or hack passwords to gain access.
Once inside your systems, they typically insert a type of malware called ransomware or launch a distributed denial-of-service (DDoS) attack.
Because of this intrusion, the business owner, staff, and customers usually cannot use the affected systems and risk having their data exposed.
After taking control of the systems, the hijacker demands money before allowing the company to access them again.
What are common types of cyber extortion?
Cyberextortion is not limited to just one method. There are many ways for hijackers to infiltrate your company’s systems and demand payment from you, including the following:
Malware
Ransomware is malware: malicious code or software inserted into a computer system to compromise it. Compromised areas may include data confidentiality, system operations, or operating system operations. Often, malware is not detected immediately and keeps working until someone using the system realizes something is wrong.
Ransomware also creates encryption keys needed to regain access to data or systems. The cybercriminal keeps the encryption keys until the ransom is paid.
Distributed denial-of-service attacks
A DDoS attack sends a flood of traffic and requests to a website until the site becomes overwhelmed and unavailable. Cybercriminals infect a network of computers to send simultaneous requests to the target site, causing it to fail. This type of attack is usually executed in coordination with other cyber intrusions.
Phishing
In a phishing attack, hackers impersonate a trusted email sender to gain access to information. Hackers can view that data if the recipient is tricked into following links that ask for passwords and other private data. Phishing has become a common tactic among cybercriminals, and companies should train their employees to avoid falling victim to phishing schemes.
Corporate account takeover (CATO)
CATO occurs when a hijacker impersonates the company’s website or email and requests banking or ACH transactions. The funds are sent to an account that appears legitimate but is controlled by the hijacker. Companies with minimal control over online investment systems are particularly vulnerable to these attacks.
Who is susceptible to cyber extortion?
Any occupation that involves digital operations or storage is vulnerable to cybercrime, including cyber extortion. Since the malware is easy to install, cybercriminals do not need to put much effort into executing the attack.
Below are some types of companies and professionals particularly at risk:
- E-commerce businesses: Businesses relying on websites to market and generate sales are highly susceptible to ransomware.
- Medical offices: A medical office with digitally stored files is a target for data theft and compromise.
- Sales teams and financial advisors: Those using online customer relationship management (CRM) software, including client portals, are often prime targets.
However, the reality is that any company that relies on centralized digital tools and operations is vulnerable to hijackers.
What are some examples of cyber extortion?
There have been many public examples of cyberextortion in recent years.
- Dish Network: In 2023, satellite television provider Dish Network experienced network outages after a ransomware attack that also affected the data of 290,000 people, including current and former employees. A data breach notification sent to Maine’s attorney general suggests the corporation paid a ransom to regain access to its systems and protect compromised data.
- Black Basta: This notorious ransomware group has infected more than 100 companies in 2022 and 2023 with the threat of publicly leaking data from high-profile organizations, including the American Dental Association and Canadian Yellow Pages.
- Government of Costa Rica: More than 30 public offices in Costa Rica were victims of a ransomware cyberattack by the Conti group in 2022. The government estimates that the incident will cost $30 million in the coming days: the situation.
- Colonial Pipeline: In 2021, oil transportation was halted until the company paid a $4.4 million ransom in Bitcoin. Some of these funds were recovered in what appears to be a Russian hacking scheme.
- Hive: In 2023, the FBI took down the Hive ransomware gang, which had extracted over $100 million from over 1,500 organizations in 18 months.
What are the impacts of cyber extortion?
Cyberextortion has a significant impact on businesses and, in some cases, the general public. The attack on the Colonial Pipeline raised concerns about a possible gasoline shortage in the southern and eastern United States. Gas prices subsequently rose as the industry sought to cope with demand.
Colonial Pipeline paid the ransom partly because it could not estimate how long it would take to diagnose and remediate its systems.
For a small business, the impact of cyber extortion is significant. A Kaspersky report states that the average cost of a data breach exceeds $105,000 for small businesses. If this event involves extortion, you could pay an additional ransom of $1,500 to $50,000.
Additionally, business operations suffer when your system is down, and your company’s reputation can suffer if the attack makes your organization appear untrustworthy. Customers may decide to do business elsewhere.
The actual cost of recovery from a cybersecurity incident ranges from $826 to $653,587, according to Verizon. This is money that most small business owners don’t have to spend. If a company cannot afford the cost of a cyberattack, it may be forced to close its doors permanently.
How cyber liability insurance can help
One way to protect your small business is to purchase cyber insurance, which is separate from general liability insurance. This business insurance will cover restoring your system after a cyberattack.
Coverage includes mitigation services to attempt to complete backup and recovery operations as quickly as possible. Your insurer will negotiate with cyber attackers and pay ransoms up to policy limits.
While not all attacks can be prevented, cyber liability insurance reduces the impact of cyber extortion on your company’s bottom line.
How to prevent cyber extortion
Since all small businesses are at risk of cyber extortion and most cannot afford to pay a ransom, business owners must do everything they can to prevent a data breach. Follow these tips to help manage your cybersecurity risk:
- Maintain systems health. Ensure you have an effective firewall and regularly update your operating systems and software. Also, use an up-to-date virus protection program.
- Back up, back up and back up again. Regularly scheduled backups may seem tedious, but they ensure you can be back up and running faster after a cyberattack. Without backups, you are at the mercy of hackers.
- Train your employees. Help your employees understand the behaviour that can leave your business susceptible to cyber risks. This includes educating them to recognize (and not fall for) phishing scams, responding only to those who need information (rather than everyone), and avoiding using public devices and the Internet unless they can use a secure mobility system.
- Use smart internet practices. Avoid clicking on pop-up ads when using company devices. These ads may contain malware that will gradually gain access to your system.
How to respond to cyber extortion
Hopefully, you will never find yourself in this situation, but if your company is the target of a cyber extortion attempt, there are ways to deal with it. Below, we explain how to handle a ransomware attack.
Upon discovery
Assuming you have cyber insurance, you should contact your insurer within 24 hours of becoming aware of the cyber extortion attempt to understand your current level of coverage and what may apply to the situation. Also contact your attorneys and local authorities; they will be needed to ensure that your responses to the situation comply with current legislation.
If you have an in-house IT team and are confident in their abilities, leave them in charge of the technical recovery of your business after the incident. If you don’t have an in-house IT team or aren’t sure they have enough experience and knowledge to deal with the attack, hire an external cybersecurity expert.
Regardless of who is responsible, your priority should be investigating the breach. Your immediate priority should be protecting your system rather than getting your business up and running again. Whoever is in charge must also ensure that any intruders left on your system are expelled and close the virtual door to any further access attempts.
Some companies may hire an external communications and public relations team to develop a crisis communications plan. This team can handle media inquiries and manage corporate communications with customers who may have been affected by the attack. To maintain the trust of your customers and satisfy the press, your communications during this period must be clear, consistent and precise.
The following week
Your insurer will open an investigation into the circumstances surrounding the extortion attempt. Regulators may want to do this, too, especially if cybercriminals threaten to disclose sensitive personal information, such as medical records.
If you have been regularly backing up your data to secure, encrypted cloud services, your IT team and a third-party consultant can begin to restore your systems and applications so staff can use them again in their daily activities. They should be able to easily remove malware from your network and change passwords.
However, the extortionist will likely pressure you to pay and often give you a response deadline. Even if you meet their deadlines, you will lose core business if your systems are locked down or your data is deleted.
Consult a lawyer and the authorities before deciding whether or not to pay the ransom. Paying may have legal and insurance implications, but refusing to pay may have implications as well.
In the weeks after
By now, your IT team or cyber consultant should know what they need to do to stop future breaches and start protecting your IT network. As your business returns to normal operations, you must decide how to defend against future attacks. You may want to create a cybersecurity-specific budget to fund staff training and more robust networking hardware.
Long term
Whether or not you decide to pay the ransom and regain complete control of your network and data, the fallout from the attack is likely to continue for some time. Keep as much of the recovery team intact as possible while strengthening your cyber defences.
You will be repairing financial and reputational damage and maintaining ongoing communication with authorities. If these key people can continue to help you protect your network and data in the future, it will be a long-term strategic advantage for you.
Additionally, the more you can demonstrate that you were diligent in defending your systems in the first place and competent in how you responded to the attack, the better you will appear to your insurers, authorities, and the public. You’ll want to work to regain lost customer trust, and demonstrating accountability can help you do that.