Article December 3, 2018

What is targeted extortion?

We're kicking off our brand new "What is...?" series today with targeted extortion. This growing threat is an evolution of the more well-known ransomware. Here, we explain how this emerging threat is different and what its potential impacts are.

Ransomware is a type of malware that typically works by encrypting the data on a victim’s computer and then demanding a ransom payment to gain access to the decryption key. Because this method is not targeted and the cybercriminals who use it do not have a sophisticated understanding of their victims, the actual ransom amounts demanded are typically fairly modest – sitting around $300 on average. But with ransomware now an established method of attack, and with IT security systems getting better at blocking indiscriminate attacks, we are starting to a change in tactics and a move towards targeted extortion.

Targeted extortion is a situation where cybercriminals set their sights on a vulnerable organisation and look to extort money out of them. And because they have a better understanding of their victims, these cybercriminals are also raising their ransom demands accordingly, with many requesting amounts in excess of $50,000.

The way in which cybercriminals carry out targeted extortion can vary, but most attacks generally involve one of the following:

  • Cybercriminals gain access to the organisation’s computer systems and encrypt their data and hold it to ransom until payment is made to decrypt the data;
  • Cybercriminals get hold of an organisation’s sensitive data and threaten to release it into the public domain unless a ransom payment is made; or
  • Cybercriminals threaten to carry out a Distributed Denial of Service (DDoS) attack on the organisation’s website or to unleash some form of malware onto their computer systems unless a ransom payment is made.


Over the past year, we’ve seen an uptick in attacks of this nature. To give just one example, we recently dealt with a claim from a hosted platform provider that cybercriminals specifically targeted, accessing their systems, encrypting their data and back-ups, and holding them to ransom for 75 bitcoins – the equivalent of some $579,450 at the time of the attack.

Click here to read our full cyber claims case study involving targeted extortion