DDoS extortion and ransomware attacks have featured heavily in the headlines recently. But the practice of obtaining money through threats is not new. At its core, it isn’t much different to the work of Tony Soprano and Paulie Cicero in The Sopranos and Goodfellas – they both always got their money.

Cyber extortion is the digital version of what “wise guys” have been doing for centuries. What’s new, however, is the wide variety of methods that are used to achieve this.

Cyber extortion is comprised of three main tactics: the threat of distributed denial of service (DDoS), the threat of data compromise and ransomware. While some motivations are political or reputational, the goal for the majority of extortion actors is simply to make money.

This is particularly the case for ransomware, a business model that is evidently profitable – we’ve seen multiple reports of organizations paying out. Keeping up-to-date with the changes in popular ransomware variants is not easy; it’s a game of constant cat and mouse. A version of a variant is released; a security company releases a decryption tool; the variant is updated; and so on. Take CryptXXX, for example, is a variant that is now up to version 3.100.

And then there’s all the other types of innovation. We recently uncovered a Tor site called “Hall of Ransom” selling Goliath ransomware and a Locky decryptor. As with broader criminal landscape, it is not just about the ransomware authors; there’s a whole ecosystem of hosting sites, e-currency exchangers, exploit kits, spam services and bullet-proof hosting services. All these factors combine to make ransomware a very appealing tactic.


Amid all of these actors, tools, variants and support services, it is of little surprise that organizations are becoming increasingly concerned with the growing profile of cyber extortion. With so many changes, enhancements and innovations, extortion and ransomware is hard to keep track of and understand what these actually mean for your organization.