Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Security Insights Blog

Cyber Shakedowns: A Hacker's New Payday

The Underground Economy, Pt. 2
Created: 28 Jul 2014 • Updated: 31 Jul 2014
Tim G.'s picture
+3 3 Votes
Login to vote

Hearing a story about an organized crime ring demanding protection money from businesses might conjure images of the local mafia taking money from neighborhood businesses. However, in today’s global internet economy, extortion is no longer confined to the mafia, or even brick-and-mortar stores – businesses now face online extortion tactics from cybercriminals. The idea behind the shakedown hasn’t changed, it’s just moved into the cyber realm. These days, instead of threatening physical harm, cybercriminals threaten data loss or exposure, or to harm a brand’s reputation or operations.

As attackers consider the economics of what they do, they recognize extortion as the fastest way for them to make money. For a hacker, extortion is an easy way to monetize stolen information and provides the shortest path from cybercrime to cash. Moreover, cybercriminals don’t actually have to perpetrate an attack for it to pay off, they can simply capitalize on threatening to attack.

To exact a profit from these threats, attackers use a variety of extortion tactics. Let’s take a look at some of the common methods:



The threat of cyber extortion has grown with the rise of ransomware, sophisticated forms of malware that are designed to hold victims’ data hostage. Attackers attempt to infiltrate a computer with traditional phishing methods and once a user opens the file, the malware locks the user out of computer files and demands money to unlock them.

Initial versions like RansomLock locked the computer until the user paid the ransom to get into the machine. More advanced versions have since appeared, including CryptoLocker and CryptoDefense, which encrypt the information on the computer and then require payment for the files to be decrypted. For instance, CryptoDefense automatically encrypts all files and demands a $500 ransom payout that rises to $1,000 if unpaid. The malware then destroys the key and files if no ransom is paid within one month.

DDoS Attacks

Over the past decade distributed denial of service attacks (DDoS) have become a preferred weapon for both web extortion and hacktivist attacks. In these kinds of attacks, hackers flood websites of businesses with large amounts of traffic that overwhelms servers and knocks out service. Cybercriminals will demand a fee either before or during the attack to cease the attack.

High-revenue generating internet companies are especially attractive to attackers because their entire business relies on internet connectivity. With armies of botnets, cybercriminals can easily halt businesses’ revenue streams. Recent victims of such attacks include internet companies like Vimeo, Evernote, Meetup and Feedly.

Data Hostage Situations

Data is the lifeblood for many companies in the digital age, this gives hackers a lot of leverage once they have access to it. Once they breach a company network, cybercriminals will use a plethora of methods to coerce a company into payment, including:

  • Stealing the most recent backup and threatening to wipe the original version from the corporate servers.
  • Changing the encryption key within a database and holding the new key hostage.
  • Stealing protected or personal data and threatening the breached company with disclosure of the information.
  • Obtaining corporate or government secrets and threatening to sell them.
  • Threatening to expose private corporate or personal information that can compromise the company, employees or a public figure.
  • Finding company network vulnerabilities and threatening to disclose them to other hackers.


Social and Reputation Threats

Recently, a number of small businesses reported receiving “Notice of Extortion” letters in the U.S. mail, which demand payment of one bitcoin (currently USD $630) to avoid negative publicity, vandalism and harassment. According to Krebs on Security, these letters threaten businesses with negative online reviews, complaints to the Better Business Bureau, harassing telephone calls, telephone denial-of-service attacks, bomb threats, fraudulent delivery orders, vandalism, and even reports of mercury contamination.

Although the future of these types of attacks remains to be seen, extortion attacks appear to be increasing with the growth of cryptocurrencies like Bitcoin. This universal, anonymous and relatively untraceable payment method serves an enabling function for cyberattacks. Hackers, who often live half a world away from their victims, don’t have to think in terms of one currency, making extortion transactions easier.

So what do you do if a cybercriminal is trying to extort money out of you or your company?

While it may be tempting to pay off attackers to make the problem go away, most experts agree that it’s best to avoid negotiating with or paying off attackers. Anyone who is trying to extort money from your business isn’t honest or trustworthy, and payment does not guarantee the protection of your business’ data or reputation. If your company is targeted by an extortion attack, notify the authorities. Government agencies have resources at their disposal that can help connect the dots behind extortion attacks. For example with DDoS attacks, they can engage a forensics team to perform research into the botnet that’s being leveraged in order to find the controller to try to shut it down.


Before cybercriminals attempt to strike, it’s important to be vigilant about protecting your business against malware and security breaches. For the best possible protection, Symantec customers should ensure that they are using a layered approach to securing their environment, utilizing the latest Symantec technologies incorporated into our consumer and enterprise solutions.