Cyber extortion claims a staggering number of victims every year, along with a growing number of active criminals. The number of victims is growing explosively by 62 percent among SMEs. In addition to the SMEs themselves, this is a great danger for larger multinational companies, which often depend on smaller and medium-sized companies in their supply chain.
In the security world, cyber extortion is referred to as Cy-X. Because of its lucrative nature, cybercriminals focus on compromising sensitive and confidential corporate data. They block access until a ransom is paid, although some techniques go further. For example, a hacker may threaten to publish sensitive data on the dark web or even involve customers and partners to force payment.
The threat of publication on the dark web is also often turned into action. The hacker or hacking group then posts a company’s name on an underground forum, showing a small portion of the stolen data. This is to embarrass the victim publicly. Another criminal can then run off with the published data to do further damage.
Orange Cyberdefense’s Security Navigator 2025 offers companies insights into the latest trends so they can adapt their strategies. Orange Cyberdefense bases these insights on data from its Security Operations Centre, supplemented by other sources. Based on this, the report maps the threat landscape as accurately as possible and outlines an outlook for the year ahead. This allows organizations to better prepare for the modern threat landscape.
Cy-X through the years
Using the dark web also allows security experts on the defence side to see what’s going on there. That’s what Orange Cyberdefense did so that one could better understand Cy-X developments. Based on that, 4,201 victims of cyber extortion have been identified in the past 12 months. This represents a 15.29 per cent increase from last year. With this, the clear trend of growth is now definitely a fact. There were previously some question marks about continuing that trend, as a decline was recorded in 2022. According to Orange Cyberdefense, that drop in 2022 appears to be due to the diversion of Cy-X groups due to the war between Russia and Ukraine. Hackers often adjust their techniques during such major global events. Meanwhile, the hackers have regrouped again, creating a “normalized” scenario.
Orange Cyberdefense does comment that there has been a significant victory in the past year. Earlier this year, police tackled the Cy-X group LockBit under Operation Cronos. These hackers have taken many victims in terms of cyber extortion, making them considered one of the largest groups. During Operation Cronos, 34 servers were taken offline and arrests were also made. More actions against LockBit followed throughout the year. While those are steps in the right direction, LockBit has not yet been completely dismantled. It continues to create victims, but there could have been many more.
Toward stronger resilience
The Security Navigator 2025 identifies a 15.29 percent increase in cyber extortion victims. SMEs are particularly heavily represented in this, with a 62 percent increase. Because of their relationship, SMEs can be a gateway to larger organizations. Certainly, the fact that SMEs do not always have the desired advanced security strategy makes them a desirable target in Orange Cyberdefense’s view.
Large organizations should have third-party contingency and incident response plans ready to better respond to this. In addition, they can strengthen their resilience by sharing best practices across the supply chain to empower their SME partners. According to Orange Cyberdefense, the standard resilience steps should be followed: from prevention to protection to response to recovery. However, as logical as that sounds, with the threat of cyber extortion, not enough organizations have the standard principles in place.
Are you curious about more insights from Security Navigator 2025? Then check out the full report.
Tip: European countries face storm of pro-Russian hacktivism