Quick Links
Malware comes in many different forms. One particularly concerning example is extortionware, a term that covers numerous types of cyberattack software.
But you might be more familiar with ransomware. Extortionware and ransomware are related but different. Nonetheless, both are something you need to be wary of. Here’s what extortionware is, how it differs from ransomware, and how you may protect yourself from it.
What Is Extortionware?
Extortionware is simply malware used to extort victims. It most often involves the theft of sensitive data followed by some sort of threat, typically the release of sensitive stolen data.
How does this work? Say cybercriminals steal information from a company and then threaten to use it if they don’t get paid a certain amount of money. This threat could be to either make such data public or sell it to a competitor. A rival could do a lot with details of a new intellectual property or with a client list. The business then has to determine whether the fee demanded would be outweighed by the cost of sharing private data.
One potential cost is customer confidence. If personal details are made public, people might question if their data is safe in that company’s hands. They might also be bitter that the firm has opened them up tocyberattacks like phishingdue to poor security.
Extortionware is malicious software used to extort victims; it is not the act of extortion itself.
The same issues apply to regular folks, too. Stolen personal information could be used for extortion;catfishing scamscan end in (more!) extortion when the victim finally realizes what’s going on.
Examples of Extortionware
Extortionware isn’t as well-known as ransomware, but the latter sometimes comes under this umbrella term. So, too, does sextortion, i.e., the use of NSFW photos, videos, and messages to leverage control. This could be cash or more adult material.
Doxing (also called “doxxing”)is a good example of cyberextortion. It involves publishing private information and invading people’s privacy. Software used in Distributed Denial-of-Service (DDoS) attacks can also be classed as extortionware, knocking a site or service offline until a ransom or demand is met.
So, where might you have seen extortionware at work? Perhaps the most high-profile case was the leak of information from Ashley Madison, an online dating service that mostly facilitates affairs. In 2015, the site suffered an enormous data breach, with hackers stealing personal information on site users. The hackers released the stolen data in two tranches, including names, email addresses, banking information, and more, leading to an enormous rise in online extortion against former Ashley Madison users.
However, as perGizmodo, Ashley Madison continues to operate—and is now a hive of scammers waiting for their next sextortion victim. It even spawned a top-rated Netflix series:Ashley Madison, Sex, Lies, and Scandal.
Extortionware vs. Ransomware: Differences and Similarities
Yes, extortionware and ransomware are different, but the two do have some crossover.
The chief similarity is that both are used to leverage some form of control over victims. In that way, any malware used as ransomware can be seen as extortionware, as it results in a threat and demand. With ransomware, the demand can be anything (though it is often financial and frequently paid through untraceable cryptocurrency), but the threat generally involves not getting any access to systems again.
The pair can be combined, too—as in double extortion ransomware, which steals data and encrypts a system but then makes two demands: one to unlock the data and the other not to release it publicly.
And that’s the real difference: ransomware generally involves locking a system down, making it unreadable without the correct decryption key. Extortionware, on the other hand, doesn’t necessarily mean data is encrypted. Instead, it’s that any data stolen can be used by the hackers.
Sextortion, for instance, isn’t ransomware, even though there is a ransom involved. It’s extortion because the perpetrator wants something more from the victim and is using NSFW materials to coerce them further.
How to Protect Yourself From Extortionware
Fortunately, many of the methods you likely use to combat ransomware can also protect you from extortionware by following some basic security measures.
It’s always worth checking your passwords are strong, but you should alsomake sure services store login details securely. Businesses are more likely to be targeted by extortionware than individuals.
However, you should still be wary of phishing techniques and similar ways malware is spread. Similarly, you’re able to protect your data in transit by using a VPN and keep your PC, laptop, or other devices safe by using a solid security suite with a firewall.
Ultimately, you need to trust the sites you’re giving your personal details to. Small steps can make a big difference, like checking for HTTPS in the address bar, searching for trustworthiness before creating accounts, and look for historical data leaks.
If you may’t trust a site with your private data, don’t.
