All businesses process, store and transmit private customer, partner and company data. This data ranges from internal documents to price lists to HR notes on employee behavior. The confidentiality and importance of such data make it a ripe target for threat actors looking to extort money from their victims.

How does extortionware work?

In most cases, extortionware uses traditional malware to infiltrate a company's digital resources. Once access is gained, the victim's data is stolen and analyzed to identify information that can be used against them. Cybercriminals then contact the victim and threaten to release sensitive, embarrassing or illegal information to the public unless the victim meets the criminals' demands. Typically, the demands are monetary in nature and involve the transfer of cryptocurrency.

Comparing extortionware vs. ransomware

Extortionware may sound a bit like ransomware, and it is. Both ransomware and extortionware access and exfiltrate company data, usually with the intent of making money from what was stolen. Unlike ransomware, which forces the business to pay or lose the data, extortionists threaten to publicly release the information. The threat of public exposure pressures businesses to comply, which increases the likelihood the victim will meet the demands. Recent ransomware variants, however, include extortionware features. Some hackers do both: they encrypt the data and threaten to release what was stolen during the attack.

How risky is extortionware?

Most risks associated with ransomware can be mitigated by frequent data backups. With backups, businesses can easily restore their encrypted data. Offline backups prove worthless when cybercriminals threaten to release data, rather than delete it. The only way to combat extortionware is to prevent it from happening in the first place, which makes it a greater risk to businesses than ransomware.

Despite this risk, ransomware remains far more common than extortionware. The reason is simple: Hackers can automate the ransomware process, casting a wide victim net, while extortionware calls for a more time-consuming approach. Extra effort is required to review the stolen content to determine if any of the information can be used for extortion purposes. Thus, extortionists usually do their homework before attacking to ensure a target is worth the effort.

Ransomware remains the preferred attack method of cybercriminals because many organizations still do not have proper offline backup procedures. However, once the lure and lucrativeness of ransomware dry up, expect a rapid shift to extortionware.

How to prevent an extortionware attack

Ransomware prevention practices also apply to preventing extortionware. However, victims of ransomware attacks can often avoid paying the ransom by restoring the encrypted files from offline data backups. When it comes to extortionware, prevention is the only way to keep hackers from obtaining data and for the business to remain unharmed. Extortion prevention measures include:

  • Installing antimalware
  • Conducting end-user cybersecurity training
  • Following a defense-in-depth security program
  • Keeping systems and software current with patches


TechTarget September 2021