When cybercriminals hijack your data or website and demand a ransom, you become a victim of cyber extortion. These kinds of attacks and the subsequent ransom payments they require are on the rise, with some businesses paying hundreds of thousands of dollars or more to regain access to their systems. We’ll explain how cyber extortion works and what you can do to prevent it.
Cyber extortion happens when a bad actor hijacks your data, systems or website and demands payment to give the information, programs or site back to you. Such ransomware attacks are increasing, and so are their costs. According to Statista, the average ransom payment in the second quarter of 2023 was $740,000, up from $328,000 in the first quarter.
Perhaps that’s not surprising when you consider that in 2023, more than 72 percent of businesses worldwide were hit by ransomware, per Statista. Recovering from a ransomware attack is expensive, with bills reaching $165,520 for companies with revenues of $10 million or less, according to The State of Ransomware 2023 report from Sophos.
Although the ransom amount cybercriminals demand from your company may depend on the size of your enterprise, most businesses today are at risk and need to protect themselves from ransomware attacks. When cyber extortion occurs, a business might not be able to operate until it deals with the threat. That can mean paying criminals a lot of money to regain control of their systems. If you don’t think you’d have the financial means to pay the ransom, it’s even more important to prevent cyber extortion from happening in the first place.
The stark statistics behind the number and variety of cyber attacks happening today underscore why companies need to create a robust cybersecurity plan. If you’re not proficient in cybersecurity and don’t have an in-house IT team, consider hiring an independent professional to identify your business’s vulnerabilities and determine how large your cybersecurity budget needs to be to protect your company.
Cyber extortion usually starts when an attacker gains access to your computer systems, most often through unpatched software, an exposed remote-access service such as RDP or a VPN, or credentials that are weak, reused, stolen or phished. Once inside, they typically deploy ransomware, and many groups first copy your data out so they can threaten to publish it if you don't pay. A DDoS attack is the exception: it needs no access at all, only enough traffic to knock your site offline. Either way, the business owner, staff and customers are unable to use the affected systems as normal and risk having their data exposed.
After gaining control of the systems, the hijacker makes demands for money before allowing the business to regain access.
Every business that maintains an internet presence is at risk of cyber extortion. Conduct a cybersecurity risk assessment to see how vulnerable your company is.
Cyber extortion isn’t limited to one method. There are many ways hijackers can infiltrate your business systems and demand payment from you, including the following:
Ransomware is a type of malware, malicious code inserted into a computer system to compromise it. It can undermine the confidentiality of your data, the availability of your systems or the operating system itself. Ransomware often isn't detected right away: it may operate quietly for days or weeks while the attacker spreads to other machines, collects credentials and locates backups, and only then encrypts everything at once, which is usually when someone notices something amiss.
Ransomware encrypts your files with keys that only the attacker holds, typically a per-victim key that is itself locked with the criminals' own public key, so the data cannot be recovered without the key they sell back to you. Many groups now also copy data out before encrypting it and threaten to leak it if you don't pay, which means a clean backup gets you operating again but does not by itself end the extortion.
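As an added example (not code from the original article), here is a small Python script showing what the "noticing something amiss" step can look like in practice: it compares two snapshots of a folder and flags the signals ransomware leaves behind, files whose contents suddenly became high-entropy (encrypted) data, files renamed with an extra extension, and a new ransom-note file. The file paths, contents and the 7.5-bits-per-byte threshold are constructed assumptions for the demo, not real data or any vendor's detection rule.

```python
import math
import os
import random
from collections import Counter

HIGH_ENTROPY = 7.5  # assumed threshold in bits/byte; encrypted or compressed data sits near 8.0
NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")  # assumed note-name fragments


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 if empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_snapshots(before: dict, after: dict) -> dict:
    """Diff two {path: bytes} snapshots and return ransomware indicators.

    encrypted: files whose content went from low to high entropy
    renamed:   new files whose name is an old file plus an extra extension
    notes:     new files whose name looks like a ransom note
    missing:   old files that vanished without a renamed counterpart
    """
    findings = {"encrypted": [], "renamed": [], "notes": [], "missing": []}
    accounted = set()

    for path, content in after.items():
        if path in before:
            # Same name, but readable content turned into opaque bytes.
            if shannon_entropy(before[path]) < HIGH_ENTROPY <= shannon_entropy(content):
                findings["encrypted"].append(path)
            continue
        stem, _ext = os.path.splitext(path)
        if stem in before:  # e.g. report.docx -> report.docx.locked
            findings["renamed"].append(path)
            accounted.add(stem)
            if shannon_entropy(content) >= HIGH_ENTROPY:
                findings["encrypted"].append(path)
        elif any(h in os.path.basename(path).lower() for h in NOTE_HINTS):
            findings["notes"].append(path)

    findings["missing"] = sorted(p for p in before if p not in after and p not in accounted)
    return findings


def is_ransomware_event(findings: dict, min_encrypted: int = 2) -> bool:
    """Alert when several files turned opaque, or one did alongside a ransom note."""
    n = len(findings["encrypted"])
    return n >= min_encrypted or (n >= 1 and bool(findings["notes"]))


# Constructed sample data (not real files): a document tree before and after an attack.
_rng = random.Random(7)
TEXT = b"Quarterly report: revenue up 4 percent; headcount unchanged.\n" * 60
BEFORE = {
    "docs/report.docx": TEXT,
    "docs/notes.txt": b"Meeting with supplier on Tuesday.\n" * 40,
    "img/logo.png": _rng.randbytes(2048),  # already high entropy, like a compressed image
}
AFTER = {
    "docs/report.docx.locked": _rng.randbytes(4096),  # renamed and encrypted
    "docs/notes.txt": _rng.randbytes(2048),            # encrypted in place
    "img/logo.png": BEFORE["img/logo.png"],            # untouched
    "docs/HOW_TO_RESTORE_FILES.txt": b"Your files are encrypted. Pay to recover them.",
}


def run_demo() -> dict:
    """Scan the constructed snapshots above."""
    return scan_snapshots(BEFORE, AFTER)


if __name__ == "__main__":
    result = run_demo()
    for kind, paths in result.items():
        print(f"{kind:10s} {paths}")
    print("ransomware indicators present:", is_ransomware_event(result))
```

The entropy test is deliberately paired with the before-snapshot so that files that were already opaque (images, archives, databases) are not flagged; a real deployment would run this over file-change events from the operating system rather than two full copies, and would alert on rate as well (dozens of files turning opaque within a minute), because a single renamed file is normal and a thousand are not.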
A DDoS attack floods a website with so much traffic and so many requests that it is overwhelmed and becomes unavailable. The criminals use a botnet, a network of infected computers under their control, to send simultaneous requests to the target until its servers or internet connection can't keep up. In the extortion version, the attacker demands payment to stop the flood, or threatens one unless paid in advance. DDoS is also often run alongside other intrusions as a distraction while the real attack proceeds.
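An added example, not from the original article: a sliding-window rate check over web-server access logs that catches both a single loud source and a botnet whose members are each individually quiet. Because a distributed flood can stay under any per-address limit, the check also watches the site's total request rate. The log lines, IP addresses (drawn from documentation ranges) and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Common Log Format as written by nginx/Apache; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return {ip, ts, req} for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "req": m["req"]}


def detect_flood(lines, window_s=10, per_ip_limit=50, total_limit=500):
    """Sliding-window rate check over access-log lines.

    Returns (noisy_ips, flood_detected):
      noisy_ips      - sources that exceeded per_ip_limit requests in any window_s span
      flood_detected - True if the site as a whole exceeded total_limit in any window_s
                       span, which catches a botnet where no single IP is loud
    Thresholds are assumed values for the demo; tune them to your normal traffic.
    """
    per_ip = defaultdict(deque)
    overall = deque()
    noisy, flood = set(), False
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])  # logs from several workers may interleave
    for e in events:
        t = e["ts"].timestamp()
        for q in (per_ip[e["ip"]], overall):
            q.append(t)
            while q and t - q[0] > window_s:  # drop requests older than the window
                q.popleft()
        if len(per_ip[e["ip"]]) > per_ip_limit:
            noisy.add(e["ip"])
        if len(overall) > total_limit:
            flood = True
    return sorted(noisy), flood


def make_log(ip: str, second: int, path: str = "/") -> str:
    """Build one constructed log line at 12:00:<second> on an arbitrary day."""
    ts = datetime(2023, 9, 1, 12, 0, second, tzinfo=timezone.utc)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def sample_logs(distributed: bool):
    """Constructed traffic: 5 regular visitors at 1 req/s for a minute, plus an attack."""
    lines = []
    legit = [f"192.0.2.{i}" for i in range(1, 6)]
    for sec in range(60):
        for ip in legit:
            lines.append(make_log(ip, sec))
    if distributed:
        # 120 bots, each only 1 req/s for 10 s: nobody trips the per-IP limit
        for sec in range(30, 40):
            for i in range(120):
                lines.append(make_log(f"198.51.100.{i}", sec, "/search?q=x"))
    else:
        # one source sends 20 req/s for 10 s
        for sec in range(20, 30):
            for _ in range(20):
                lines.append(make_log("203.0.113.9", sec, "/login"))
    return lines


if __name__ == "__main__":
    for mode in (False, True):
        noisy, flood = detect_flood(sample_logs(distributed=mode))
        print(f"distributed={mode}: noisy sources={noisy}, site-wide flood={flood}")
```

The per-address limit alone would miss the second scenario entirely, which is why volumetric DDoS protection is normally bought as a service upstream of your servers (a CDN or scrubbing provider) rather than handled on the web server itself; a check like this is still useful for alerting and for feeding address lists to a firewall.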
In a phishing attack, hackers pose as a trusted sender, usually by email, to obtain information or a foothold. If the recipient follows a link to a fake login page and types in a password, or opens a malicious attachment, the attackers get the credentials or install malware. Phishing is one of the most common ways attackers first get in, so train employees to recognize it, but also back the training with controls that still hold when someone slips: multifactor authentication (ideally a phishing-resistant form such as security keys), email authentication (SPF, DKIM and DMARC) on your domain, and a simple way for staff to report suspicious messages.
One of the most damaging phishing schemes is CEO fraud, also called business email compromise. A hacker pretends to be the business's CEO or another top executive and uses an email or text message, often from a lookalike address or a spoofed display name, to pressure an employee in accounts payable into quickly settling an invoice or changing a vendor's bank details. The employee, believing the request is genuine, transfers the funds to the criminal. The defense is procedural as much as technical: require that any payment request or change of bank details be confirmed through a second channel, such as a phone call to a number already on file, regardless of who appears to have sent it.
Corporate account takeover (CATO) happens when a hijacker obtains the credentials for the business's online banking or email accounts and uses them to initiate wire or ACH transfers, or to send payment instructions that genuinely come from your own mailbox. Funds are sent to an account that looks legitimate but is controlled by the hijacker. Companies with minimal controls over online banking, such as no multifactor authentication, no dual approval for transfers and no transaction limits or alerts, are particularly vulnerable to this type of attack.
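An added example covering the phishing, CEO-fraud and account-takeover scenarios above (not code from the original article): a mail-filter style check that inspects one raw message for the usual signs of an executive-impersonation payment request, a display name that belongs to an executive but an address that does not, a lookalike sender domain, a Reply-To that diverts replies elsewhere, a message claiming to be internal without a DMARC pass, and an urgent request for money in the body. The company domain example.com, the executive directory entry, the keyword lists and the two sample messages are assumptions constructed for the demo.

```python
import email
import re
from email import policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                      # assumed: our own mail domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # assumed: display name -> real address
URGENCY = ("urgent", "immediately", "today", "asap", "confidential")
PAYMENT = ("wire", "ach", "invoice", "transfer", "payment", "gift card")


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, target: str) -> bool:
    return domain != target and edit_distance(domain, target) <= 2


def has_any(text: str, words) -> bool:
    """Whole-word match so 'ach' does not fire on 'reach' or 'attach'."""
    return any(re.search(rf"\b{re.escape(w)}\b", text) for w in words)


def assess_message(raw: bytes) -> list:
    """Return the list of CEO-fraud indicators found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(addr)
    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr.lower() != exec_addr:
        reasons.append(f"display name '{name}' impersonates {exec_addr} but sender is {addr}")
    if lookalike(from_dom, COMPANY_DOMAIN):
        reasons.append(f"sender domain {from_dom} is a lookalike of {COMPANY_DOMAIN}")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and domain_of(reply) != from_dom:
        reasons.append(f"Reply-To {reply} points to a different domain than From")
    auth = str(msg.get("Authentication-Results", "")).lower()
    if from_dom == COMPANY_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("claims to be internal but DMARC did not pass")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if has_any(text, URGENCY) and has_any(text, PAYMENT):
        reasons.append("urgent payment request in body")
    return reasons


# Constructed sample messages (not real mail).
FRAUD_MAIL = b"""\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo.office@mail-relay.invalid
To: payables@example.com
Subject: Urgent invoice
Content-Type: text/plain; charset=utf-8

Hi, I need you to wire the attached invoice today. Keep this confidential. Jane
"""

BENIGN_MAIL = b"""\
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
From: Jane Doe <jane.doe@example.com>
To: payables@example.com
Subject: Lunch
Content-Type: text/plain; charset=utf-8

Team lunch on Friday, see you there.
"""

if __name__ == "__main__":
    for label, raw in (("fraud", FRAUD_MAIL), ("benign", BENIGN_MAIL)):
        print(label, assess_message(raw))
```

None of these checks is conclusive on its own, and a compromised real mailbox (the account-takeover case) defeats all of the header checks because the mail is genuine; only the body check and, more importantly, the out-of-band confirmation rule still apply there. That is why the procedural control of verifying payment requests by phone is the one that matters most.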
Any business with digital operations or storage is susceptible to cybercrimes, including cyber extortion. Because ransomware and phishing kits can be bought ready-made, cybercriminals don't have to work very hard to execute an attack.
Here are some business types and professionals that are especially at risk:
But the reality is that any business that relies on centralized digital operations and digital tools is vulnerable to hijackers.
There are many public examples of cyber extortion from recent years.
Cyber extortion has a huge impact on businesses and, in some cases, the general public. The Colonial Pipeline hack caused concern over possible gasoline shortages throughout the southern and eastern U.S., and then gas prices rose as the industry sought to deal with demand. Colonial Pipeline paid the ransom in part because it could not estimate how long it would take to identify and remediate its systems on its own.
For a small business, the impact of cyber extortion is significant. A report from Kaspersky indicates that the average cost of a data breach is upward of $105,000 for small businesses. If this incident involves extortion, you could pay another $1,500 to $50,000 in ransom fees. Plus, there is the cost of business operations being affected while your system is nonoperational and the reputation hit your company may face if the attack fosters the perception that your organization cannot be trusted. Customers may decide to take their business elsewhere.
All in all, the actual cost of recovering from a cybersecurity incident ranges from $826 to $653,587, according to Verizon. That is money most small business owners simply don’t have to spare. If a business can’t handle the cost of a cyberattack, it may be forced to shut down permanently.
One way to protect your small business is to purchase cyber insurance, which is separate from general liability insurance. This type of business insurance pays for the costs associated with restoring your systems after a cyberattack. Coverage typically includes incident-response services to work from backups and restore operations as soon as possible, and may include negotiating with the attackers and reimbursing ransom payments up to the policy limits. Read the policy carefully: many require you to notify the insurer and get its consent before you pay a ransom or hire outside responders, some exclude ransom payments altogether, and insurers increasingly require controls such as multifactor authentication and tested offline backups before they will write a policy.
Although you can’t prevent every attack, cyber liability insurance minimizes the impact of cyber extortion on your business’s bottom line.
Because every small business is at risk of cyber extortion and most can’t afford to pay a ransom, owners should do everything possible to prevent a data breach. We recommend following these tips to help manage your cybersecurity risk:
Hopefully, you’ll never be in this position, but if your company is the subject of a cyber extortion attempt, there are ways to deal with it. Below, we explain how to handle a ransomware demand.
Assuming you have cyber insurance, within 24 hours of becoming aware of the cyber extortion attempt, you should get in touch with your insurer to gain an understanding of your current level of coverage and what may apply to the situation. Also reach out to your lawyers and the local authorities — they’ll be needed to make sure your responses to the situation conform with relevant legislation.
If you have an internal IT team and are confident in their abilities, give them the responsibility for your company's technical recovery from the incident. If you don't have an in-house IT team or you're not confident that they have handled an intrusion before, bring in an external incident-response firm. Whoever's in charge, their first job is to contain and investigate the breach, not to get the company running again as quickly as possible. That means isolating affected machines from the network rather than wiping or reinstalling them right away, because the logs and memory on those systems are the evidence that shows how the attacker got in and what they took. It also means ejecting any remaining intruders: revoke and reset the credentials they used, close the entry point (the phished account, the exposed remote-access service, the unpatched system) and watch for their return, since attackers who keep a foothold will simply encrypt you again.
Some companies may opt to bring on an external communications and public relations team to develop a crisis communications plan. This team can handle inquiries from the media and manage corporate communications with customers who may have been affected by the attack. To keep your customers’ trust and satisfy the press, your communications during this time need to be clear, consistent and accurate.
One of the significant points of leverage that cyber extorters have is the ability to destroy a business's data permanently if the ransom isn't paid. To mitigate this risk, keep multiple copies of your data, including at least one the attacker cannot reach from your network: an offline copy, or a cloud backup protected by immutability (object lock or versioning with a retention period) and by separate credentials with multifactor authentication. Attackers routinely hunt for and delete any backups they can reach before they trigger encryption, so a backup that is merely encrypted, or that your domain administrator account is able to delete, is not protection. Test a full restore regularly so you know how long recovery actually takes.
Your insurer will launch an investigation into the circumstances surrounding the extortion attempt. Regulators also may want to do so, especially if the cybercriminals are threatening to release sensitive personal information, like medical records.
If you regularly back up data to secure and encrypted cloud services, your IT team and/or outside consultant can start to restore your systems and apps so staff can use them again in the course of everyday business. Where possible, rebuild affected machines from known-good images rather than trying to clean them, and rotate every credential the attacker could have captured, including service accounts, API keys and remote-access tokens, not just user passwords, since intruders typically harvest credentials as they move through a network.
However, the extortionist will likely be pressuring you into making a payment, often with a deadline for your response. While they may follow through with the deadline, they lose their main bargaining position if they crash your systems or delete your data. Consult with legal counsel and law enforcement when deciding whether to pay the ransom. Paying does not guarantee a working decryptor or that stolen data is actually deleted, and paying a group under government sanctions can itself be a legal violation, so there may be insurance and legal implications to paying, just as there may be to refusing.
By now, your IT team or cyber consultant should know what they need to do to prevent future breaches, and they'll begin securing your computer network. As your business resumes normal operations, you need to decide how to defend yourself against future attacks. You might want to create a specific cybersecurity budget to pay for staff training, multifactor authentication, prompt patching, endpoint detection and tested offline backups, along with any network hardware those require.
Regardless of whether you chose to pay the ransom and how you regained full control of your network and data, the consequences of the attack are likely to continue for some time. Try to keep as much of the recovery team intact as possible while you strengthen your cyber defenses, repair financial and reputational damage, and maintain ongoing communications with authorities. If these key individuals can continue to assist you in securing your network and data from now on, it will be of long-term strategic benefit to you.
Also, the more you can prove that you were diligent in protecting your systems in the first place and competent in how you reacted to the attack, the better you’ll appear to your insurers, law enforcement agencies and the public. You’ll want to work toward earning back any lost customer trust, and proof of your accountability can help with that.
Kimberlee Leonard contributed to this article.