Extortionists are forcing banks and e-commerce companies to pay big money to avoid having their customers' private details posted on the internet.
"More and more criminals are hearing about this technique and how well it works," said Alan Paller, director of research for security organization SANS.
"And more and more kids with computer skills are getting out of school all over the world without great prospects for jobs."
He said other online companies such as gambling sites were paying extortion to avoid having their sites taken down in distributed denial-of-service attacks.
According to Paller, terrorists could be funded by this new breed of extortionist, raising funds for attacks and weapons.
He said while there was not much publicized about the extortionists, six or seven thousand organizations are paying online extortion demands.
For example, Authorize.net, which handles creditcard transactions for online merchants, said attacks that caused outages for the company were later attributed to extortion schemes in which attackers threatened to knock the firm's website offline.
While Authorize.Net executives said the company had invested heavily in defense, "the nature of this attack was something we had never experienced."