With the topic of cyber security becoming more discussed, a new form of cyber attack has begun to unfold within the country. This new method, known as cyber extortion, is becoming increasingly popular amongst hackers, with massive businesses being targeted. Let’s take a look at what cyber extortion is, how it works, and what steps you can take to prevent it.

What is cyber extortion?

Cyber extortion is a broad term used for computer-related crimes. These generally come in the form of cyber attacks with, as the name suggests, extorting businesses. Hackers will typically coerce people and businesses to hand over money or sensitive data with the threat of more attacks. Generally, these hackers will attempt to trick or bully a victim into giving up information or money to stop their attacks. When a cyber extortion attack is successful, it can lead to massive implications for a business. This includes data breaches, financial loss, or identity theft.

How does cyber extortion work?

There are two general methods of cyber extortion that hackers tend to use. In most cases, monetary gain is the main goal of cyber extortionists, though as mentioned above, there are multiple reasons a hacker may extort a business or person. The two general methods are as follows.

Coercion and social engineering

Coercion and social engineering are considered the more subtler version of the two tactics. This involves tricking people into simply handling money over directly. Alternatively, releasing sensitive information to the person doing the extortion. Generally, these extortionists will pretend to be someone else. This can include a friend, spouse, or family member. In some scenarios, they will pretend to be a business, such as a bank or online retailer. These generally begin through romance scams or phishing emails. Once contacted, the extortionists will convince the victim or business to do what they please.

Threats and ransom 

Threats and ransom tend to be the more direct route of cyber extortion. This involves causing or threatening to cause distress or disruption for the business or person they are targeting. To put it simply, they tell them to pay up or suffer the consequences. Examples of threats or ransom in cyber extortion include threatening to leak personal photos or sensitive information if they don’t pay. Alternatively, ransomware can be used to make a company’s files inaccessible and returned only if a fee is paid.

Cyber extortion in Canada: How are businesses reacting?

According to an article written by Canadian Underwriter, cyber extortion is trending in Canadian businesses. In fact, cyber extortion events hit record numbers in 2023, according to a report released last week by global brokerage, Marsh.

Furthermore, an increasing number of businesses are refusing to pay. According to a June 11th report, Ransomware: A Persistent Challenge in Cyber Insurance Claims, more than 1,800 cyber claims were submitted to Marsh in Canada and the U.S. last year. When analyzed, less than one-quarter (23%) of Marsh’s clients in 2023 impacted by cyber extortion paid the ransom. The 77% that refused to pay show a growing trend. In 2021, 37% of Marsh clients rejected the demands of cyber extortionists.

When it comes to Canadian and American clients that purchased a cyber security policy, 21% reported a cyber security issue occurring with them. This amount broke records, with 282 extortion events reported to Marsh in total. This was a 64% increase in comparison to 2022!

Cyber extortion: Who is a target?

Although more people are refusing to cooperate with extortionists, cyber extortion doesn’t seem to be slowing down. This is due to extortionists becoming more and more sophisticated. With this in mind, it is good to know exactly who is being targeted. Though cyber extortion can happen to any person or business, there are specific industries that are being targeted more than others, according to a report by Marsh.

“The top five industries among Marsh clients to be affected by cyber events have remained consistent. In 2023, they were healthcare, communications, retail/wholesale, financial institutions, and education,” the report says.

Recent major cyber attacks in Canada prove this to be correct, with many massive attacks happening to businesses in these industries. The Toronto District School Board, London Drugs, the B.C. government, and bookstore chain, Indigo, are all examples.

How to protect yourself from cyber extortion

To protect yourself from cyber extortion, Marsh advises businesses to have a cyber resilience strategy that incorporates what to do if and when a cyber extortion event occurs. Comprehensive security measures are key if you want to protect your business and yourself from cyber extortion. Here are some tips to keep in mind:

  • Regularly update your software and computer to avoid vulnerabilities.
  • Train yourself and your employees on cybersecurity practices, such as how to recognize a phishing scam.
  • Make strong, unique passwords that are different across various sites and platforms.
  • Install multi-factor authentication on your devices.
  • Regularly back up data, making sure your backups are secure
  • Keep up to date on using strong security software. This includes firewalls, antiviruses, and VPNs.
  • Invest in Cyber Liability Insurance.

In general, doing your part when it comes to preventing cyber-attacks and extortion is the first step in keeping yourself and your business safe. With extortion numbers climbing so high, keeping secure is more important than ever. If you have any questions in regards to Cyber Liability Insurance, request a quote, or contact isure today!

Related Articles