By Mazhar Hamayun, cyber security engineer and member of the Office of the CTO at Check Point.

What is cyber extortion?

When we talk about cyber threats, one term is in the news more often than others: Cyber extortion. Cyber extortion is a broad term that refers to situations where a malicious actor or malicious group coerces an organization or individual into paying money or providing sensitive business/public safety information. Cyber extortion can take many forms, including online spying, harassment or other threats to public safety systems.

In contrast, ransomware is a more specific cyber threat. With ransomware, malicious actors try to gain access to a victim’s computer or network resources, encrypt all the data and make a system unusable for any business means. Once everything is encrypted, the attackers demand a ransom payment in exchange for the decryption keys, which will allow the victim of this attack to reclaim access to data and files.

Difference between cyber extortion and ransomware

There are several differences between ransomware and cyber extortion.

Cyber extortion usually targets individuals or small businesses. The intent is to steal money from individuals by gaining access to pictures, business data or other critical data. Having access to this private data enables the criminal to gain monetarily by requesting a direct monetary transfer or through gift cards. Once the financial transaction is complete, the victim may be granted access to their private data. Unfortunately, the criminal may have already copied and/or distributed the data in spite of payment.

Ransomware attacks often target large businesses, hospitals, and other organizations that have something beyond money to lose.

Another key difference between ransomware and cyber extortion is the way in which the ransom payment is processed. Most of the time, ransom payments are made through anonymous payment systems like cryptocurrencies. Cyber extortion usually involves a direct money transfer from individuals, such as via gift cards.

Exploring the scope of the attack vector

To further understand the full scope of cyber extortion, how it spreads, and the creation of an attack that is used by a criminal to transact payment, there are several methodologies to consider. Here’s how it often works:

Messaging Apps

In today’s world, we are moving rapidly toward increased mobile device and app adoption. The introduction of different chat applications (e.g., iMessage, WhatsApp, Signal, Telegram, Facebook Messenger and several others) makes it easy for malicious actors to send an initial message with a payload to create an infection. Once the recipient receives an infected link or file, the attacker gains access to a victim’s system. With the mobile or endpoint compromised, the attacker can steal sensitive information and threaten the victim with the release of their questionable or sensitive information if they do not pay the ransom. In the next step, the attacker instructs the victim to make payments by sharing gift cards for big-name brands or via a money transfer from Western Union. The victim must then turn over the money within an extremely tight time frame.

Extortion via email

Sometimes cyber extortion communication occurs via email. Once a victim’s system is compromised and their personal family pictures or other sensitive information is compromised, the attacker threatens to release the data on social media if the requested payment is not made. In a few cases, it has been reported that malicious actors share a proof of hack by showing victims some pictures or screenshots of documents.

Phone extortion

In this type of attack scheme, an attacker or malicious actor usually threatens the victim by calling from a blocked or spoofed phone number. They demand payment soon, and say that otherwise, sensitive information will be released publicly.

How to deal with cyber extortion

Dealing with cyber extortion can be difficult and complicated for an individual or organization. There is also risk in paying a ransom. After payment, in the eyes of the hacker(s), the victim is confirmed as willing to pay. For a victim or potential victim, avoiding future attacks then becomes more difficult.

There are some important steps that an organization can adopt to deal with cyber extortion. These include…

Separation of business and personal devices

It’s always a best practice to keep separate devices and accounts for business and personal use, to ensure that a breach of one doesn’t impact the other. Ensure that employees do so.

It’s key to ensure that people do not use business email accounts to sign up for social media or third-party shopping applications. Doing so can increase the possibility of phishing attacks that damage your business.

Implement robust security measures

For any individual or business, it’s very important to reduce the risk of becoming a victim. In cyber extortion prevention, it is important to implement strong security controls and to adopt the use of strong passwords and multi-factor authentication. Be sure to use only licensed software and keep all software up-to-date with all patches released by the software vendor. It is also important to have multiple layers of security by having a firewall at home and on the office network, using endpoint security and using mobile security solutions that are capable of securing the systems. A traditional anti-virus is insufficient to prevent the latest and emerging threats. Security solutions must be robust. They must include behavioral analysis and also secure web surfing and email communications.

Cyber incident response plan

For any individual or business, it is very important to have a plan in place to deal with any such cyber attack. The plan should include having backups of important business/personal data and a procedure through which to restore important data for business continuity purposes. This plan should also include a way to communicate with staff and different stakeholders and a way to provide a secure and updated status.

Law enforcement notification

If an organization falls victim to cyber extortion, it is very important to notify local law enforcement and relevant authorities. This can help with damage control and sometimes provides extra support to mitigate the ongoing attack and to secure the systems.

Laws to deal with cyber extortion

In the United States, cyber extortion is covered under Article 873. More information can be found here. In the USA, the FBI also maintains a special wing that will investigate cyber criminal acts and cyber acts that threaten national security. More details can be found here.


In conclusion, based on available data and resources, cyber extortion is a very serious threat to businesses of all sizes and to individuals in daily life.

By understanding the threats and different cyber extortion attacks, as well as controls that can be implemented to prevent and mitigate the impact, organizations can protect themselves and their customers from damages done by these attacks.
