Despite what Hollywood says, extortion is not just something that happens to top-level businessmen. It happens hundreds of times every day in the United States alone. Last year, the FBI’s Internet Crime Complaint Center (IC3) said it received 17,146 extortion-related complaints, with a financial loss of over $15 million. The majority of victims are over 60, but the 30–39 category isn’t far behind.
Those are high numbers, but do they tell the whole story? Chances are, it isn’t even close.
There are different types of extortion, and due to the nature of ransomed information, many people aren’t reporting it. For instance, 2,673 of those complaints were ransomware, which is malicious software that scrambles a victim’s most important files and holds them hostage until the victim pays a ransom.
But Catalin Cimpanu, an expert who writes for BleepingComputer.com, says that figure is “ridiculously small compared to what happens in the real world, where ransomware is one of today’s most prevalent cyberthreats.” He suggests that people must be paying ransoms, restoring from backups, or reinstalling PCs without alerting the authorities.
The idea of unreported crime is consistent with the government’s reports on fraud. They estimate only 15 percent of the nation’s fraud victims report their crimes to law enforcement. Statistically, if the estimated fraud complaint-to-loss ratio is accurate, victims of extortion didn’t lose $15 million. They lost closer to $9 billion.
As for how many of the victims actually paid the ransom, it’s difficult to calculate. But this much we know: Reporting extortion and fraud is important, but America at large doesn’t seem to want to.