Net Extortion (also called Cyber Extortion) is a form of cybercrime where an individual or group threatens to damage, steal, or expose sensitive digital information or disrupt services unless a ransom is paid. These threats are usually made through email, dark web channels, or encrypted messaging platforms.
It is a digital version of traditional extortion and is punishable under the Indian Penal Code (IPC) and the Information Technology Act, 2000.
Common Forms of Net Extortion
- Ransomware Attacks
Malicious software locks files or systems and demands payment (usually in cryptocurrency) to unlock them. - Data Breach Threats
Hackers steal sensitive data (e.g., customer records, financial info) and threaten to publish it unless paid. - DDoS Threats (Distributed Denial of Service)
Attackers threaten to crash a website or service unless a ransom is paid to prevent the attack. - Sextortion
Threatening to release private or explicit images unless the victim pays or meets certain demands. - Corporate Blackmail
Employees or competitors may use internal information to threaten a business for monetary gain.
How Net Extortion Happens
- System Compromise: Hackers infiltrate a network via malware, phishing, or vulnerabilities.
- Data Access/Theft: Sensitive data is accessed, encrypted, or stolen.
- Demand Message: The victim receives a threat demanding money or service in return for not publishing or destroying the data.
- Payment Request: Usually via anonymous cryptocurrency like Bitcoin.
- Action Taken: If the victim pays, the attacker may or may not fulfill the promise.
Legal Provisions in India
Under the Information Technology Act, 2000:
- Section 66: Hacking and illegal access
- Section 66C: Identity theft
- Section 66D: Impersonation and cheating using computer resources
- Section 43: Unauthorized access, data theft
- Section 72: Breach of confidentiality and privacy
Under the Indian Penal Code (IPC):
- Section 383-389: Criminal extortion
- Section 506: Criminal intimidation
- Section 503: Threat to cause injury to reputation or property
Real-Life Examples
- WannaCry Ransomware (2017): Affected thousands of systems globally, demanding Bitcoin payments to decrypt data.
- Targeted attacks on Indian SMEs: Several small businesses have faced ransomware attacks targeting their billing or customer databases.
Preventive Measures
- Keep software and antivirus updated
- Backup important data regularly
- Avoid clicking unknown links or downloading suspicious files
- Use strong, unique passwords and enable two-factor authentication
- Train employees on cyber hygiene
- Use secure firewalls and network monitoring tools
What to Do if You’re a Victim
- Do not pay the ransom (unless advised legally, as payment does not guarantee recovery)
- Disconnect infected systems from the internet
- Report to Cyber Crime Portal: https://cybercrime.gov.in
- File an FIR with the local police or cybercrime unit
- Consult a cyber law expert or digital forensics professional
