The requested URL /esi/header.html was not found on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Extortion refers to situations where a third party demands that an organization pay money (or take some other action) or suffer an adverse consequences. Modern day extortion often takes the form of “cyber-extortion” – where the threat and adverse consequence involves the disclosure of an organization’s information or an attack on an organization’s electronic infrastructure.
There are many different examples of cyber-extortion in practice, but some of the most common include infecting an organization’s computer systems with malware that requires payment to unlock or remove (i.e., ransomware), exploiting a security vulnerability identified by the extorter, threatening to disclose an organization’s security vulnerabilities to the press or to other hackers, or even threatening to disclose an organization’s security vulnerabilities to government regulators.
The following provides a snapshot of information concerning cyber-extortion as well as a checklist for organizations that are confronted by an extortion demand:
The number of cyber-extortion reports that the FBI received in a recent year.1
Estimate of the percentage of cyber-extortion cases that are not reported.2
$2,500 to $800,000
Range of unsolicited demands related to alleged security vulnerabilities made to Bryan Cave clients.
What to think about when considering a cyber extortion demand:
1. FBI, 2016 Internet Crime Report available at https://pdf.ic3.gov/2016_IC3Report.pdf
2. NYA International, Cyber Extortion Risk Report (Oct. 2015) at 3.