Businesses are being held to ransom by tech-savvy criminals who have stolen important data, say police.
Bookies were first to be hit by hi-tech extortionists
The thieves exploit lax security to nab customer lists and then extort cash from victims for their safe return.
The UK's National Hi-Tech Crime Unit said criminals were moving on from targeting gambling sites to firms because they were easier targets.
Telecoms supplier Energis said some of its customers had reported attacks by thieves looking for important data.
Over the last couple of years the main victims of cyber-extortionists have been online gaming sites that let people bet on sporting events.
Many criminal groups, often based in Eastern Europe, have used so-called Denial of Service attacks to overwhelm websites at key times to deny people the chance to place a bet.
But, says Detective Chief Superintendent Mick Deats, head of the UK's National Hi-Tech Crime Unit, some of the criminals are now moving on to target firms that are not doing enough to protect important data.
"It's a problem," he told BBC News Online. "This is financially-motivated hacking whereas a few years ago they would have been doing it for mischief or notoriety."
"Any company that's engaged in e-commerce has to be very careful as their data is very valuable," he said.
"The cases we have had reported have tended to be thefts of personal information," he said. "They want people's details, credit card numbers, for obvious reasons."
In some cases the groups want cash to return an entire customer database, in others firms are being asked to pay a bounty for each entry in that contact list.
Mr Deats said the criminals also make money selling the contact list on to spammers and phishing groups keen to get hold of live e-mail addresses.
Lax security, improperly configured firewalls, unpatched programs and poor anti-virus efforts all allow the criminals to get access to businesses, said Mr Deats.
"This is easy money for these guys," said Malcolm Seagrave, security expert at Energis, "it's a lot less dangerous than burglary and stealing things that way."
In some cases even back-up copies of data had been stolen so firms could not even restore the information that had been taken.
Mr Seagrave said firms needed to take computer security as seriously as they took the physical security of their buildings.
Users had to be educated about the risks of clicking on attachments in e-mails that could bear viruses, key loggers and trojans that pass information back to criminal groups.
As well as installing anti-virus software, firewalls and intrusion detection systems firms must do more work to spot new threats before they strike, he said.
"Companies that fail to protect themselves are just asking for trouble," said Mr Seagrave.