Updated on April 2, 2025.
Cyber extortion is a category of cybercrime that involves digitally threatening or coercing someone to do something against their will. Cyber extortion typically disables an organization’s operations or exposes an entity’s valuable assets such as confidential data, intellectual property or infrastructure systems. The cybercriminal then demands that the organization or individual pay a ransom to prevent further cyber attacks or to regain access to their sensitive files or operations. The ransom is typically either money or access to other sensitive information.
Continue reading to learn more about how cyber extortion differs from ransomware, how cyber extortion works, real-life cyber extortion examples and how your organization can stay protected.
Is cyber extortion the same as ransomware?
Although the terms cyber extortion and ransomware are often used interchangeably, they are closely related but not the same. Ransomware is a tool that cybercriminals use to carry out cyber extortion. While every ransomware attack is a type of cyber extortion, not all cases of cyber extortion involve ransomware.
Cyber extortion is a broad form of cybercrime in which cybercriminals digitally blackmail organizations or individuals to get what they want. Cybercriminals can threaten to leak data, launch cyber attacks, disable operations, prevent users from accessing data or destroy stolen data unless the victim pays some form of a ransom. Cyber extortion uses a variety of methods such as doxxing, Distributed Denial-of-Service (DDoS) attacks and ransomware.
How cyber extortion works
Cyber extortion works by first identifying the security vulnerabilities of an individual’s devices or an organization’s systems and exploiting them to gain unauthorized access. Once the cybercriminal gains unauthorized access, they access as many devices as possible, disable systems and steal as much data as they can. The cybercriminal then demands a ransom from the organization or individual in exchange for regaining access to sensitive data, restoring systems or preventing further cyber attacks.
The five steps of cyber extortion include:
- Infiltration: Cybercriminals gain unauthorized access by compromising a victim’s network, system, device, data or server. Cybercriminals execute infiltration using a variety of techniques, such as phishing or exploit kits, to identify security vulnerabilities and gain unauthorized access.
- Execution: When the cybercriminal has infiltrated the organization’s systems, the cybercriminal will prepare for the cyber extortion or launch a cyber attack. They often install malware that steals data, disables systems or infects as many devices as possible.
- Extortion: Cybercriminals will then make their presence known to their victims by threatening them and ordering them to pay a ransom. If the victim does not pay the ransom, the cybercriminal will launch a cyber attack, leak or destroy stolen data, or prevent the victim from regaining access to compromised data or systems.
- Payout: If the victim pays the ransom, cybercriminals should return access to an organization’s valuable assets or restore their systems. However, this is not always guaranteed, as cybercriminals can, and often do, refuse to keep their end of the bargain.
- Repeat: After a cyber extortion incident, cybercriminals will keep track of previous victims to retarget them for future cyber attacks. Since the victims have already shown that they have security vulnerabilities and are willing to pay a ransom, cybercriminals try to steal more data and money from them.
Real-life cyber extortion examples
Here are a few real-life examples of cyber extortion and their impact.
2014 Sony Pictures hack
In September 2014, Sony Pictures was targeted by a group who called themselves the “Guardians of Peace.” These hackers leaked a large amount of sensitive data, which included unreleased films, employee information and internal communications, and planted malware. The malware destroyed 70% of Sony’s laptops and computers. They also demanded that Sony cancel the release of the movie “The Interview,” which was a comedy about a fictional assassination of Kim Jong-un.
What was the impact?
- The leak of sensitive information cost Sony millions of dollars in legal fees and damage control and also impacted the release of movies, which led to lost revenue.
- Since the attack was believed to be politically motivated, it ultimately raised concerns about state-sponsored cyber extortion.
2017 WannaCry ransomware attack
On May 12, 2017, a ransomware worm called WannaCry spread to more than 200,000 computers in over 150 countries. Major companies such as FedEx, Nissan, Honda and the UK’s National Health Service (NHS) were victims of this attack. The ransomware spread through a known vulnerability in Microsoft Windows systems and cybercriminals demanded ransom in Bitcoin to unlock encrypted data.
What was the impact?
- The UK’s NHS was hit the hardest, with hospitals and medical staff unable to access patient records, which led to canceled appointments and surgeries.
- It’s estimated that the attack cost up to $4 million in losses worldwide, with some businesses forced to shut down their operations temporarily.
2020 Garmin ransomware attack
On July 23, 2020, Garmin, a popular fitness-tracking GPS wearable company, was targeted by WastedLocker ransomware. This attack disrupted website functions, customer support and user applications. The hacker group Evil Corp demanded that a ransom of $10 million be paid in exchange for decrypting the data.
What was the impact?
- Garmin users were unable to access their data for several days due to service downtime.
- It’s believed that Garmin paid the $10 million ransom through an intermediary, though this is not confirmed.
How organizations can stay protected against cyber extortion
Cyber extortion can result in the loss of sensitive information, disabled operations and significant financial losses. To stay protected against cyber extortion and mitigate its effects, organizations should implement the following:
Create an incident response plan
An incident response plan assigns responsibilities and lists procedures to follow in the event of a security breach. It allows organizations to handle cybersecurity incidents by identifying cyber attacks, remedying the damage and preventing them from happening in the future. Having an incident response plan in place ensures that your organization is prepared to handle any form of attack and lessen the impact if one were to occur.
Implement least privilege access
Organizations should implement least privilege access to prevent cybercriminals from gaining access to sensitive data. The principle of least privilege is a cybersecurity concept that gives users just enough access to the data and systems they need to do their jobs and no more. By implementing least privilege access, organizations can reduce their attack surface, minimize insider threats and prevent cybercriminals from being able to move laterally within their network.
Educate employees about cybersecurity best practices
Employees can be your organization’s weakest link, which is why it’s important to take the time to educate them about cybersecurity best practices. Provide employees with monthly security training, tackling topics like identifying social engineering attempts, securing accounts with strong passwords and Multi-Factor Authentication and being cautious about what they share online. The better prepared your employees are, the stronger your organization’s cybersecurity will be.
Keep software up to date
Cybercriminals can exploit known security vulnerabilities found within outdated software to gain unauthorized access to accounts, devices or networks. Keeping software up to date ensures that these vulnerabilities are patched and greatly reduces the chances of your organization being exploited through them.
Regularly back up data
Organizations and individuals can lose access to their data due to cyber attacks or damaged hardware. To always maintain access to data, individuals and organizations should regularly back it up on a cloud-based service or a physical external hard drive. Having a backup of data can help prevent you or your organization from having to pay a ransom as a result of a cyber extortion incident.
Use antivirus software
Cyber extortion often requires the use of malware to steal sensitive data. Antivirus software is a program that prevents, detects and removes known malware from devices. With antivirus software, individuals and organizations can detect and remove incoming malware before it infects their systems.
Invest in cyber insurance
Cyber insurance is a specialized insurance policy created to protect businesses from losses due to cyber attacks. It covers the cost of notifying an organization’s customers of a security breach, restoring compromised identities of customers, and repairing damaged systems and data. Cyber insurance also connects organizations with third-party experts to aid with attack recovery.
However, it’s important to understand that cyber insurance will not cover prior security breaches or attacks caused by human error, inadequate security measures and preexisting security vulnerabilities. Although cyber insurance can help remedy the damage of cyber attacks, organizations need to secure their data and take the necessary precautions to prevent cyber attacks.
Stay protected against cyber extortion with KeeperPAM
Cyber extortion can be difficult to deal with and leave damaging effects such as financial loss and reputational damage. Organizations need to secure their data and mitigate the risks of cyber attacks. One of the best ways organizations can stay protected against cyber extortion incidents is by investing in Privileged Access Management (PAM).
KeeperPAM® enables organizations to implement least privilege access and ensure their sensitive data can only be accessed by those authorized to do so.
Request a demo of KeeperPAM today to secure your organization’s most valuable data.