After years of stealing data for fraud and corporate espionage, hackers increasingly are trying a new way to profit from their digital break-ins: extortion.
Hacks involving HBO and Netflix Inc. in recent months have shed light on the extortion threat, which law-enforcement officials and companies that investigate these digital break-ins say has been on the rise in recent years. Instead of simply stealing passwords or credit-card data, or locking access to victims’ systems as with ransomware, extortionist hackers try to unearth corporate secrets that they then threaten to make public if victims don’t pay.
Because the extortionists threaten to expose sensitive material—embarrassing emails or intellectual property like unreleased movies and scripts, for example—the crime can be “more damaging and impactful to victim organizations than other types of theft of intellectual property,” said Charles Carmakal, a vice president with cyber investigations firm FireEye Inc. Adding to the insidiousness of cyber extortion, those targeted by such efforts often have a difficult time determining how much data the hackers really have—and in some cases the extortion attempts are simply bluffs, he said.
FireEye first noticed the uptick in extortion cases in 2015, and observed more than double the number of cases last year as hackers who previously sold stolen data realized that they could make even more money from extortion, Mr. Carmakal said. Other extortionists work for political reasons or “for fame and glory,” rather than money, he said.
Such attacks in the past year have hit medical clinics, which hackers threatened with leaking patient information; casinos, where they threatened to divulge client lists; and energy companies, where hackers have shut down systems needed for mining operations in an extortion episode and threatened to release confidential business contracts and employee data, according to FireEye.
Extortion attacks are a cousin of ransomware hacks, which render computer files unreadable until a payment is made, and hackers use similar techniques to access corporate data for extortion. Law-enforcement agents and private investigators say both types of attack are on the rise.
In a survey of more than 2,600 executives, consulting firm Grant Thornton found that 17% of cyberattacks in 2016 involved blackmail or extortion, including ransomware attacks, versus…