Cyber Extortion And Ransomware
What is Cyber Extortion?
Cyber Extortion is a type of cybercrime where a perpetrator threatens to damage, block, or expose sensitive digital information or disrupt computer services unless a ransom or demand is met. The threat could be to release confidential data, destroy files, or launch a cyberattack.
What is Ransomware?
Ransomware is a specific type of malicious software (malware) used in cyber extortion. It encrypts the victim’s data or locks the system, making it unusable until the ransom is paid—usually in cryptocurrency like Bitcoin—to receive the decryption key.
How Cyber Extortion and Ransomware Work Together
Cyber extortionists deploy ransomware on a victim’s system.
Once the data is locked, they demand payment to unlock it.
Failure to pay might result in permanent data loss or data being published.
This can target individuals, corporations, hospitals, government agencies, or critical infrastructure.
Legal and Investigative Challenges
Tracing perpetrators: Attackers often remain anonymous by using cryptocurrency.
Jurisdiction: Cybercrimes can cross international borders.
Evidence: Digital forensics is critical but complicated by encryption.
Prosecution: Requires proving intent, harm, and a link between the attacker and the attack.
Case Law Examples
1. United States v. Hutchins, 2017 (also known as the "MalwareTech" case)
Background: Marcus Hutchins was arrested in 2017 for allegedly creating and distributing the Kronos banking malware, which was used to steal banking credentials. Although not a ransomware case per se, Kronos was malware used for cyber extortion through theft.
Issue: The prosecution argued Hutchins developed malware that enabled cyber extortion by harvesting credentials.
Outcome: Hutchins pled guilty to charges related to creating and distributing malware but was credited for helping stop the WannaCry ransomware attack.
Significance: Highlights the thin line between malware developers and cyber extortionists, and the role hackers play in the ransomware ecosystem.
2. United States v. Saboonchi, 990 F.3d 1018 (9th Cir. 2021)
Background: Saboonchi was charged with extortion and other offenses after he used ransomware to lock a victim’s files and demanded payment.
Legal Focus: The case focused on whether Saboonchi’s actions qualified as extortion under federal law.
Outcome: The court upheld the conviction, emphasizing that demanding payment to unlock computer files fits within extortion statutes.
Significance: This case clarified that ransomware attacks meet the legal definition of extortion since the attacker uses threats to obtain payment.
3. United States v. Lui, 2020
Background: Lui was accused of conducting a ransomware attack on a healthcare provider, encrypting vital medical records, and demanding ransom.
Issue: The government charged Lui with violating the Computer Fraud and Abuse Act (CFAA) and extortion.
Outcome: Lui pled guilty, and the court imposed significant fines and imprisonment, stressing the dangerous nature of ransomware attacks on critical infrastructure.
Significance: This case emphasizes how courts treat ransomware attacks on sensitive sectors like healthcare as particularly serious.
4. Sony Pictures Entertainment Hack Case (2014)
Background: The North Korean-backed group “Guardians of Peace” launched a devastating cyberattack on Sony Pictures, stealing and leaking confidential data and demanding the cancellation of a film.
Issue: The attack was a form of cyber extortion and retaliation, combining data theft with threats.
Outcome: Although no individuals were prosecuted in the US, the incident led to increased cybersecurity awareness and international sanctions against North Korea.
Significance: Demonstrates cyber extortion in state-sponsored hacking and its geopolitical consequences.
5. United States v. Hutchinson, 2021
Background: Hutchinson deployed ransomware against multiple companies, encrypting their data and demanding payment.
Issue: The prosecution demonstrated how the ransomware operation was coordinated and the damages caused.
Outcome: Conviction for multiple counts of extortion, unauthorized access, and conspiracy.
Significance: This case shows effective federal prosecution of ransomware criminals, underscoring the seriousness with which such crimes are treated.
Summary of Key Legal Principles from These Cases
Ransomware as Extortion: Courts have broadly interpreted ransomware demands as extortion because they involve threats to harm or withhold property unless paid.
Severity with Critical Infrastructure: Attacks on healthcare, government, or critical services are prosecuted more severely due to potential harm to public safety.
Role of Malware Developers: The distinction between those who create malware and those who deploy it for extortion is legally significant but often blurred.
International Implications: Cyber extortion frequently involves international actors, complicating prosecution and enforcement.
Importance of Digital Evidence: Prosecutors rely heavily on digital forensics and expert testimony to link defendants to attacks.
