Extortion and Reputation - Part 1

17 January 2018

Cyber extortion is not always restricted to cyber space. This past Boxing Day, a cyber extortion incident turned physical on the streets of Kiev in the form of a balaclava-clad gang and a black Mercedes when an executive of a UK-based cryptocurrency exchange company was kidnapped. The executive was later released after paying $1 million ransom in Bitcoin.

The UK-registered bitcoin company released a statement saying that operations were not affected by the kidnapping. A day later, the company’s website suffered a distributed denial of service (DDoS) attack that temporarily impacted trading.

Following the executive’s release, the biggest risk to the company is not only vulnerability to a secondary attack but also the impact of speculation and rumours. As in all extortion incidents, whether in cyber space, on land or water, reputation management is a key element both during an incident and post-resolution.

Extortion can have a profound impact on victims, families and organisations, as well as many others connected to the crisis. It can involve days, months, and sometimes years, of high-stress negotiations. An ill-considered reputation management plan could prolong financial recovery, bring negative publicity to - or threaten the viability of - the victim’s organisation, create further risk and, in extreme cases, lead to another kidnapping or extortion attack due to weaknesses perceived by secondary perpetrators.

Speed of response is crucial to limiting the negative impact on reputation. The following steps are central elements of this response immediately following an incident:

  1. Communication: A Reputation Risk Management System must be in place alongside a Crisis Management System, pre-crisis, to ensure that there is a plan to proactively handle communications with external stakeholders during and following an extortion incident.
  2. Business Continuity: An extortion event must not derail business operations and open the door to rumours of collapse or failure. During and following an extortion incident, leadership must continue to dedicate their time to running the business, ensure client and employee requirements are met and the organisation’s brand is maintained and potentially even bolstered.
  3. Immediate Actions Post Release: When the victim is released, he or she will be in a fragile state of mind. Medical attention should be to hand before the victim is moved to a private venue to recuperate. In the case of an abduction, it is important that an immediate debrief is completed as soon after the release as possible whilst the events are fresh in the victim’s mind. Support and counselling should also be made available not only to the victim, but to the family and the organisation’s Crisis Management Team (CMT) as well. In the case of a cyber extortion, an incident must be immediately triaged and remediated. Containing the impact is not enough; a thorough and cross-organisational collaborative review of the attack is essential in preventing long-term or residual reputational damage and improving the prevention and response process in the future.

No reputation-focused response measure can replace the benefits of preparedness in advance of an extortion incident. A comprehensive, forward-looking, proactive plan, supplemented by regular and dynamic training prior to an incident occurring, is crucial to reputation resilience.

The cross-section of physical kidnap for ransom with cyber extortion, as demonstrated on Boxing Day in Kiev, points to a new development and suggests that despite rapid technological change, the traditional elements of kidnappings are still very much in play.

In Part 2 of this series we will look at the essential ingredients of a Crisis Response Plan including the ideal make-up of a Crisis Management Team (CMT).

About the Author

Brittany Damora

Associate, Advisory

Brittany has extensive experience in international crisis response and risk mitigation, advising wealth owners, international families and governments on a range of security threats, as well as leading incident response teams when a crisis hits.