Cyberextortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack.
Cyberextortion can take many forms. Originally, denial of service (DoS) attacks against corporate websites were the most common method of cyberextortion; the attacker might initiate a ping storm and telephone the president of the company, demanding that money be wired to a bank account in a foreign country in exchange for stopping the attack.
In recent years, however, cybercriminals have developed ransomware, which encrypts the victim's data. The extortionist's victim typically receives an email that offers the private decryption key in exchange for a monetary payment in Bitcoin, a digital currency. Cyberextortion can be lucrative, netting attackers millions of dollars annually. Unfortunately, as with other types of extortion, payment does not guarantee that further cyber-attacks will not be launched. Most cyberextortion efforts are initiated through malware in e-mail attachments or on compromised websites. To mitigate the risks associated with cyberextortion, experts recommend that end users be educated about phishing exploits and that they back up their computing devices on a regular basis.
As the number of enterprises that rely on the Internet for their business has increased, opportunities for cyberextortionists have exploded. According to some reports, most cyberextortion episodes go unreported because victims don't want the publicity. Through concerted, high-tech efforts and cooperation among law enforcement agencies in multiple countries, a few cyberextortionists have been found, arrested, prosecuted, convicted and sentenced to prison.