receives compensation from some of the companies listed on this page. Advertising Disclosure

What Is Cyber Extortion?

Updated Nov 07, 2023

Table of Contents

Open row

When cybercriminals hijack your data or website and demand a ransom, you become a victim of cyber extortion. Attacks and payments are on the rise, with some businesses paying nearly $800,000 to regain access to their resources. We’ll explain how cyber extortion works and what you can do to prevent it. 

What is cyber extortion?

Cyber extortion happens when a bad actor hijacks your data or website and demands payment to release the information or site back to you. Cybercriminals may hijack your website in a number of ways, such as compromising your data and threatening to release it to the dark web or initiating a denial of service attack that prevents customers from accessing your website.

Ransomware attacks are increasing, and so are their costs. The average ransom payment in Q3 2019 was $41,198. That number more than doubled in Q4, rising to $84,116. The total cost of recovery can be even higher. Some victims pay more than $780,000 to regain access to their data and resources. In 2021, the average total cost of recovery rose to $1.85 million. While the ransom amount may depend on the size of your company, most businesses today are at risk and need to prepare themselves against ransomware attacks.

When cyber extortion occurs, a business might not be able to operate until it deals with the threat. That can mean paying criminals a lot of money to regain control.

Did You Know?Did you know

Every business that maintains an internet presence is at risk of cyber extortion. Research from Red Canary shows that 70% of organizations face over 100 cybersecurity threats every day. Are you at risk? Conduct a cybersecurity risk assessment to see how protected your business is.

How does cyber extortion work?

Cyber extortion and ransomware start when the hijacker gains access to your systems. They look for weak points in your security or hack passwords to gain entry. Phishing schemes are one of the most common ways that hackers gain access. Once in the system, they often insert a type of malware known as ransomware or create a distributed denial-of-service (DDoS) attack. Ultimately, the business owner, their staff and their customers are unable to access normal systems.

Once the hijacker has control of the systems, they make their demands, including the ransom amount required to restore the system and allow the business to regain function. 

What are common types of cyber extortion?

There are many ways that hijackers can infiltrate your business systems and demand payment from you, including the following.


Ransomware is a type of malware, a malicious code or software inserted into the system to compromise it. The compromised areas may include data confidentiality, system operations or operating system function. Often, malware isn’t detected right away and works for some time until someone notices the lack of function.

Ransomware also creates encryption keys that are necessary to regain access to the data or systems. The hijacker maintains the encryption keys until the ransom is paid.

Distributed denial-of-service attacks

A DDoS attack sends an abundance of traffic and requests to a website until the website is overwhelmed and becomes unavailable. The cybercriminals infect a network of computers to send requests to the target site. This type of attack is often executed in coordination with other cyber intrusions.


In a phishing attack, hackers pose as a trusted email sender to gain access information. If the recipient is fooled and follows links requesting passwords and other private data, the hackers are able to see that data. Phishing has become common among cybercriminals, and businesses should train employees how not to fall victim to phishing schemes.

Corporate account takeover (CATO)

CATO happens when a hijacker impersonates the business’s website or email and requests wire or ACH transactions. Funds are sent to what looks like a legitimate account that is, in fact, controlled by the hijacker. Companies with minimal control over online banking systems are particularly susceptible to this type of attack.

FYIDid you know

Distributed denial-of-service (DDoS) attacks, phishing and corporate account takeovers are common types of cyber extortion.

Who is susceptible to cyber extortion?

Any business with digital operations or storage is susceptible to cybercrimes, including cyber extortion. Because malware is easy to install, cybercriminals don’t have to work hard to target even small operations.

According to a Red Canary survey, 92% of security leaders said they were not completely confident that their organization could identify and stop the root cause of an attack. Nearly 50% of organizations said they don’t have the resources to stop an attack within an hour of the initial data compromise. This data suggests that companies are not just targets – they are grossly unable to handle these cyber breaches.

Here are some common targets:

  • E-commerce businesses: Companies that rely on websites to market and generate sales are highly susceptible to ransomware.
  • Medical offices: A medical office that has files stored digitally is a target for data compromise and theft.
  • Financial advisors: Those who use online customer relationship management software, including client portals, are often prime targets.

Any business that relies on centralized digital operations, digital tools, or online customer relationship management systems is vulnerable to hijackers.

What are some examples of cyber extortion?

There are many public examples of cyber extortion from recent years.

  • Ashley Madison: In 2015, hackers gave the website’s owners an ultimatum to either shut down their dating site or have their users’ data dumped into public domain. When the company refused to give in, customers’ private data was released.
  • Orange Is the New Black: The popular television show paid $50,000 in 2017 to prevent the premature release of its episodes. Even though it paid, the episodes leaked.
  • Colonial Pipeline: In 2021, oil transport was halted until the company paid a $4.4 million ransom in bitcoin. Some of these funds were recovered in what was believed to be a Russian hacking organization scheme.
  • Coordinated attack on up to 1,500 businesses: A 2021 coordinated strike sought $70 million in ransom to restore all the businesses at once. 

What are the impacts of cyber extortion?

Cyber extortion has a huge impact on businesses and, in some cases, on the general public. The Colonial Pipeline hack caused concern over possible gasoline shortages throughout the Southern and Eastern U.S. Gas prices rose as the industry sought to deal with demand. Colonial Pipeline paid the ransom in part because it could not estimate how long it would take to identify and remediate its systems.

For a small business, the impact of cyber extortion is significant. Estimates from Kaspersky show the average cost of a data breach could be upward of $100,000 for small businesses. If that data breach includes a ransom, you could pay another $1,500 to $50,000 in ransom fees. Plus, there is the cost of being down while your system is nonoperational, and the public perception that your business cannot be trusted. Customers may decide to take their business elsewhere.

All in all, business insurer Hiscox estimates that the total cost to small businesses due to a cyberattack is close to $200,000. That is money that most small business owners simply don’t have. If a small business can’t handle the cost of the cyberattack, it may close its doors permanently.

How to prevent cyber extortion

Because any small business is at risk, owners should do everything possible to prevent a data breach. A small business can take some simple steps to help prevent cyber extortion:

  • Maintain systems’ health. Make sure you have an effective firewall and update your operating systems and software regularly. Use an up-to-date virus protection program as well.
  • Back up, back up, and back up some more. They may seem redundant, but regularly scheduled backups ensure that you can get running again faster after a cyberattack. Without backups, you’re at the mercy of the hackers.
  • Train your employees. Help your employees understand risky security behavior. This includes teaching them to recognize (and not click into) phishing scams, reply only to those who need information rather than replying all, and avoid public system use unless they can use a secure mobility system. 
  • Use smart internet protocol. Avoid clicking on pop-up ads on the internet at work. These can contain malware that will slowly gain access to your system.

How cyber liability insurance can help

One way to protect your small business is to purchase cyber liability insurance – not to be confused with general liability insurance. This type of insurance will pay for the costs associated with restoring your system after a cyberattack. Coverage includes mitigation services to try to work with backups and restore operations as soon as possible. It will also negotiate with the cyberattackers and pay for ransoms up to the policy limits.

While you can’t prevent every hack, cyber liability insurance minimizes the impact of hacks on your bottom line.

Kimberlee Leonard
Contributing Writer at
Kimberlee has spent the past 20 years either directly involved in insurance and financial services or writing about it. She’s a former Series 7 and 65 license holder and former State Farm agency owner. As a small business insurance expert, her work can be found on Fit Small Business and Thimble.
BDC Logo

Get Weekly 5-Minute Business Advice

B. newsletter is your digest of bite-sized news, thought & brand leadership, and entertainment. All in one email.

Back to top