Cyber Extortion vs Ransomware: Their Difference Explained

Share this article:

Written by: ConsultNet

A man in a hood is sitting in front of a computer in a dark room.

Companies of all sizes in all industries continue to face a constant barrage of cyberthreats. Hackers, armed with more sophisticated attack strategies, use a dizzying array of techniques to try and disrupt businesses and government agencies at an alarming rate.

In recent years, cyber extortion has become an increasingly effective attack. Ransomware, which holds companies hostage digitally and disrupts operations, is perhaps the best-known example of cyber extortion.

Increasingly, a new threat – extortionware -- has emerged.

All these attacks mean businesses must be ever-vigilant, protecting their systems, networks, data, customers and employees from cyberthreats.

What is Cyber Extortion?

Cyber extortion and ransomware have some similarities. Both infiltrate critical systems and cause extensive damage. Both use exploit vulnerabilities to gain unauthorized access to critical assets.

However, the approach, outcomes and destruction are different.

Cyber extortion is a broad category that covers multiple types of cyberattacks. In each case, cyber extortion steals or controls, causing harm to the targeted organization. The attackers demand a ransom be paid to recover the lost or locked assets.

Types of Cyber Extortion

There are many types of cyber extortion. Each has its own methods and outcomes. Here is a closer look at some of the most common.

Distributed Denial of Service (DDoS): This attack overwhelms an organization’s website or network with simultaneous, organized traffic requests. The site or network can quickly be overwhelmed and shut down, with hackers demanding payment to stop the assault
Doxing. This attack occurs when hackers gain access to sensitive or embarrassing information about an individual or organization. Emails, photos and customer data are common targets and can damage personal or professional reputations. The attacker threatens to release the information publicly if a ransom is not paid
Data Breach. Protecting your data is critical. When data, especially when consisting of customers’ financial or personal information, can be devastating to a company’s bottom line and reputation. Hackers often threaten to release or sell the stolen information
Software Vulnerability. Cyberattackers can identify flaws in software and insist a ransom be paid for not exposing and exploiting the vulnerability

Common Targets of Cyber Extortion

Any organization can become the target of a cyber extortion. However, there are certain organizations that are more commonly targeted.

Financial institutions, such as banks and credit unions, are popular targets due to the large amounts of data they collect about customers, including personal and account details.

Healthcare organizations, which contain sensitive health information about patients, are another popular target for cyberattacks.

Increasingly, educational institutions and government agencies are also being attacked.

Cyber Extortion Examples

Here are several examples of recent cyber extortion cases:

Sony Pictures. In 2014, criminals called the “Guardians of Peace” stole vast amounts of information, including unreleased films and emails. The group demanded that Sony not release a film, The Interview, about an assassination of a North Korean leader.
Equifax. In 2017, Equifax failed to update servers with a security patch. Hackers spent 76 days in the company’s networks, stealing data from 51 different databases
GitHub. A 2012 DDoS attack bombarded GitHub with 1.35TB of data requests per second, though GitHub was able to stop the attack within 5 minutes

What is Ransomware?

Ransomware is a type of cyber extortion that involves gaining control of an organization’s technology systems. Often, the attackers will encrypt the organization’s data, which locks out any users from accessing the information or software.

To gain access to the decryption key, the attackers often demand a ransom, typically requesting payment in cryptocurrency, making it difficult to track the money.

Two men in hoodies are looking at a computer screen.

Often, attackers gain access via malware, a software program that is placed in the organization’s systems. The malware is controlled remotely, allowing cyberattackers to take over control and encrypt the data from anywhere.

Common Targets of Ransomware Attacks

Like with cyber extortion, ransomware often targets financial services, healthcare, education or government entities. However, ransomware attacks can focus on any industry, including retail, energy, manufacturing, business services, transportation and technology businesses.

Ransomware Examples

Here are two notable ransomware attacks:

WannaCry. The largest-ever ransomware attack in May 2017 infected Windows computers worldwide, with an estimated 230,000 computers affected in 150 countries. Microsoft had released a software patch to address the vulnerability the attackers used, but many users had not yet installed the upgrade
Colonial Pipeline. In May 2021 a group called DarkSide targeted Colonial Pipeline’s IT systems, demanding payment to decrypt data. Colonial paid the group 75 bitcoin (about $4.4 million) to regain access, but not before shutting down major pipelines causing fuel shortages along the East Coast

Cyber Extortion vs Ransomware

Ransomware is a subset of cyber extortion. While there are many types of cyber extortion, ransomware follows a typical pattern. Malware is introduced, often via a successful phishing attempt. Once access is gained, the attackers force the organization to pay to regain control.

Ransomware Extortion

Ransomware attacks are becoming increasingly complex. Often companies are blending cyber extortion attacks to include multiple assaults, including ransomware.

Extortionware: A New Hybrid Threat

Extortionware is one of the newest assaults on companies and their data and systems. In an extortionware attack, the attacker gains access and steals a company’s data.

However, the attacker analyzes the data, looking for information that can be harmful to an individual’s or company’s reputation.

The criminals contact the victims of the theft and threaten to release the information if a ransom is not paid.

Characteristics of Extortionware

Extortionware shares characteristics with ransomware and doxing attacks. Like ransomware attacks, an extortionware attack makes threats that will only be stopped if payments, usually cryptocurrency, are made. Like a doxing attack, an extortionware threat relates to embarrassing information the attackers have obtained.

How To Prevent Cyber Threats

Preventing cyber threats means a strategic, coordinated approach to identifying and eradicating potentially damaging acts. A layered approach to cybersecurity involves multiple components, including:

Comprehensive security measures including firewalls around your networks, multifactor authentication policies for users and encryption of sensitive data
Anti-malware programs that detect incoming threats via email and other vectors
Backup management to ensure data and systems are backed up frequently and can be used if necessary during an attack
Patch management for software, applications and operating systems to ensure the latest versions are installed
Incident response planning to ensure that staff are trained in what to do during an attack
Employee training to be vigilant and know what a cyberattack is and how to spot it

At ConsultNet Inc., we provide small businesses comprehensive security assessments, compliance management and managed cybersecurity services. Let ConsultNet monitor your technology and data and ensure you are not a victim of cyber extortion. To learn more, contact us today.