What is targeted extortion?
We're kicking off our brand new "What is...?" series today with targeted extortion. This growing threat is an evolution of the more well-known ransomware. Here, we explain how this emerging threat is different and what its potential impacts are.
Ransomware is a type of malware that typically works by encrypting the data on a victim’s computer and then demanding a ransom payment to gain access to the decryption key. Because this method is not targeted and the cybercriminals who use it do not have a sophisticated understanding of their victims, the actual ransom amounts demanded are typically fairly modest – sitting around $300 on average. But with ransomware now an established method of attack, and with IT security systems getting better at blocking indiscriminate attacks, we are starting to a change in tactics and a move towards targeted extortion.
Targeted extortion is a situation where cybercriminals set their sights on a vulnerable organisation and look to extort money out of them. And because they have a better understanding of their victims, these cybercriminals are also raising their ransom demands accordingly, with many requesting amounts in excess of $50,000.
The way in which cybercriminals carry out targeted extortion can vary, but most attacks generally involve one of the following:
- Cybercriminals gain access to the organisation’s computer systems and encrypt their data and hold it to ransom until payment is made to decrypt the data;
- Cybercriminals get hold of an organisation’s sensitive data and threaten to release it into the public domain unless a ransom payment is made; or
- Cybercriminals threaten to carry out a Distributed Denial of Service (DDoS) attack on the organisation’s website or to unleash some form of malware onto their computer systems unless a ransom payment is made.
Over the past year, we’ve seen an uptick in attacks of this nature. To give just one example, we recently dealt with a claim from a hosted platform provider that cybercriminals specifically targeted, accessing their systems, encrypting their data and back-ups, and holding them to ransom for 75 bitcoins – the equivalent of some $579,450 at the time of the attack.