Monday, July 1, 2024

What is Cyber Extortion and How Can It Be Prevented?

Organizations experiencing security incidents are sometimes said to be victims of “cyber extortion,” but it is often not clear what exactly that phrase means.

Most of us understand what cyber attacks and online scams are, and many of us are familiar with ransomware, a type of cyber attack that blackmails people into handing over money. But how does that differ from extortion?

Simply put, cyber extortion is an umbrella term for a range of cyber crimes. It applies whenever a criminal hacker compromises a system or obtains data and then uses that leverage to compel the victim to do something, usually pay.

Ransomware is one type of cyber extortion, but there are many other techniques that criminals can use.

Why is cyber extortion so popular?

According to one report, 71% of organizations have been victims of cyber extortion, making it one of the most popular weapons in a criminal's arsenal.

It is also a relatively new approach. Until recently, there were only two ways for criminal hackers to make money from a compromise.

The simplest tactic was to sell the stolen information on the dark web to other cybercriminals. With personal information selling for around £10 a record, this is a consistent but inefficient way to profit from criminal activity.

The alternative was to use the stolen information directly for fraud. For example, if criminal hackers steal payment card data, they can use the victim's card to pay for goods or services.

If attackers do not obtain payment details, they can still send phishing emails using the stolen names and contact details. These are designed to capture login credentials for personal accounts, which can then be used for fraud or sold to other criminals on the dark web.

These are all viable ways for cybercriminals to make money, but they are often time-consuming and rely on a supply chain of other criminals.

Then ransomware took off. This malicious software encrypts the victim's systems and demands payment in exchange for restoring access to the data.

This technique lets cybercriminals get paid directly for damaging systems, without having to sell or use any stolen information. Many organizations have proven willing to negotiate with criminal hackers, which has made them prime targets for extortion-focused criminal groups.

Examples of cyber extortion

The most common type of cyber extortion is ransomware. The terms are often used interchangeably.

Ransomware is a type of cyber attack in which criminal hackers deploy malicious code on a victim's systems, disrupting services and encrypting files. The attacker then demands payment for the decryption key, usually in Bitcoin.

Organizations hit by ransomware are often reluctant to state specifically that they have been infected with malware, and this reluctance has helped make the term 'cyber extortion' popular.

Victims avoid the word 'ransomware' because it carries connotations of a malware infection, which implies (rightly or wrongly) that the victim had weak security controls.

In contrast, the term 'cyber extortion' portrays the organization as the victim of blackmail, shifting the blame squarely onto the criminal hacker.

Meanwhile, there are other types of cyber extortion that do not involve ransomware at all. In fact, the idea of blackmailing organizations is so widespread that cybercriminals now routinely add it to more traditional cyber attacks.

This is especially common when the intrusion involves sensitive personal information. For example, when Finnish healthcare provider Vastaamo was hacked, the extortionists demanded 40 Bitcoin (approximately £400,000 at the time), threatening to release the health data of 40,000 patients if the company did not pay.

The data included each patient's name, home address, social security number and the therapist's or physician's notes from each session.

When Vastaamo refused to negotiate, the hackers turned to extorting the patients individually.

Another example of cyber extortion is the 'sextortion' scam, in which criminal hackers target individuals, claiming to have video of the victim watching or performing sexual acts. They then demand money to keep the footage private.

Victims usually know they have done nothing wrong, but the scam works for the same reason traditional phishing attacks do: people panic under pressure. Victims of sextortion scams often worry that something they did could be taken out of context, or that the scammer could fabricate evidence.

The most prominent example of sextortion involved Amazon founder and Washington Post owner Jeff Bezos. The blackmailer was not a cybercriminal organization but a rival publication, the National Enquirer.

In 2019, after the National Enquirer published details of Bezos and Lauren Sanchez's relationship, Bezos began investigating how the publication had obtained the information. He then received a message threatening to release nude photos of him unless he stated publicly that the National Enquirer's reporting was not politically motivated.

Bezos refused to comply and instead published the threat online. The photos never materialized, which, as with many sextortion scams, suggests the threat was empty and the blackmailer had no compromising material.

Who is most vulnerable to cyber extortion?

Cyber extortion affects organizations of all sizes and in all sectors. There is really only one thing a criminal considers when choosing a victim: how likely it is to pay.

One factor is how much cash the organization has at its disposal. Larger organizations have higher revenues and will regard a typical extortion demand, around £30,000, as a smaller loss than a smaller organization with less revenue would.

Smaller organizations are still frequently targeted, because criminals will exploit any weakness they can find rather than hunting for a specific target, but criminals always prefer a victim that can pay promptly.

Revenue is not the only factor that affects an organization's likelihood of giving in to a cybercriminal's demands. Some types of cyber extortion, such as ransomware, compromise the victim's systems and severely affect its ability to operate.

In some sectors the pressure to bring systems back online quickly is acute, because prolonged downtime can be catastrophic. This is why healthcare providers are among the most frequently targeted ransomware victims.

Criminal hackers know that continued disruption can cost lives, so many healthcare organizations feel they have no choice but to pay. For similar reasons, the education sector and public services are often targeted.

When a school is forced to close, children miss lessons and fall behind, and parents must stay home or arrange childcare.

Meanwhile, disruption to public services affects citizens' well-being and provokes a backlash. Since the officials responsible are publicly elected, decision makers will want to avoid any disruption that could be held against them, and may be tempted to pay quietly rather than have the incident made public.

How can I prevent cyber extortion?

The unfortunate reality is that you cannot prevent cyber extortion attempts altogether. In an increasingly digital world, organizations have too large an attack surface to eliminate every vulnerability, so the threat from cybercriminals is ever-present.

That is why data breach numbers continue to climb every year, with IT Governance identifying more than 1,200 publicly disclosed incidents in 2021.

Of course, there are steps you can take to reduce your risk of becoming a victim. A strong information security management system is an essential start, and various technical defenses such as threat detection and data encryption should be supplemented with employee awareness training to help employees avoid costly mistakes.

There are also steps you can take to protect yourself if you are being extorted. First, ask whether there is any substance to the threat. If an attacker claims to have footage or other compromising data, is there any evidence that it actually exists?

Similarly, if you are a ransomware victim, confirm that your systems really are encrypted. In some attacks the files can be recovered without paying for a decryption key, for example where the malware's encryption is flawed or a free decryptor has already been published.

In other cases, attackers use wipers that destroy files rather than encrypting them. Paying the ransom then achieves nothing, because the data is already gone.

When it comes to conventional ransomware, the best defense is to be prepared for an attack that will eventually come. That means creating offline backups of your important data and refreshing them regularly: the more important the information is and the more often it changes, the more frequently you should back it up.

It is important to understand the difference between an offline backup and what many people think of as a backup: an automatic sync that simply overwrites the stored copy with the current version of the files.

An overwriting sync protects against lost work if a machine fails, but it does not help against ransomware. Once the live files are encrypted, the next sync copies the encrypted versions over the backup, and anything reachable from the infected network can itself be encrypted.

An offline backup is a separate copy of the important data, kept disconnected from the computers and servers that hold the live files. This ensures that a clean version of the data is available even after the live systems are encrypted.

You are then not dependent on the attackers keeping their word, and you are not forced to pay. Instead, you can wipe the infected systems and rebuild them from the backup in a clean environment.
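The following simulation makes the difference concrete. It is an added example, not code from the original article or from IT Governance: the directory names, the sample files, the snapshot label and the toy XOR "ransomware" are all constructed for the demonstration and everything runs inside a temporary directory. It contrasts a mirror sync that overwrites the stored copy with a versioned snapshot that is never overwritten and carries a SHA-256 manifest, then uses that manifest both to answer the earlier question (are the live files really changed?) and to prove a rebuilt tree is intact before trusting it.

```python
"""Overwriting sync versus versioned, hash-verified backup, simulated end to end.
Added example, not the article's or any vendor's code. Paths, sample data and
the toy XOR 'ransomware' below are constructed purely for the demonstration."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def mirror_sync(src: Path, dst: Path) -> None:
    """The 'backup' most people have: copy every live file over the stored copy.
    Whatever state the live files are in, encrypted or not, is what survives."""
    for f in src.rglob("*"):
        if f.is_file():
            target = dst / f.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)


def snapshot(src: Path, vault: Path, label: str) -> Path:
    """Offline-style backup: a fresh, never-overwritten copy per run plus a
    SHA-256 manifest so a later restore can prove the data is intact."""
    snap = vault / label
    snap.mkdir(parents=True)  # refuses to overwrite an existing snapshot
    manifest = {}
    for f in src.rglob("*"):
        if f.is_file():
            rel = f.relative_to(src).as_posix()
            target = snap / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)
            manifest[rel] = sha256_of(f)
    (snap / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return snap


def verify_against_manifest(snap: Path, tree: Path) -> list[str]:
    """Return the files in `tree` whose hash no longer matches the snapshot's
    manifest (missing files count as changed). An empty list means intact."""
    manifest = json.loads((snap / "MANIFEST.json").read_text())
    changed = []
    for rel, digest in manifest.items():
        f = tree / rel
        if not f.exists() or sha256_of(f) != digest:
            changed.append(rel)
    return sorted(changed)


def restore(snap: Path, dst: Path) -> None:
    """Wipe the infected tree and rebuild it from the snapshot."""
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(snap, dst, ignore=shutil.ignore_patterns("MANIFEST.json"))


def toy_ransomware(root: Path, key: int = 0x5A) -> None:
    """Stand-in for real ransomware: XOR every byte of every file in place.
    Real malware uses proper ciphers; this is only a constructed way to corrupt
    the files so the backup strategies can be compared."""
    for f in root.rglob("*"):
        if f.is_file():
            f.write_bytes(bytes(b ^ key for b in f.read_bytes()))


def run_scenario() -> dict:
    """Run the whole story and report which copies survived."""
    base = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    live, mirror, vault = base / "live", base / "mirror", base / "vault"
    live.mkdir()
    # Constructed sample data standing in for business files.
    (live / "invoices.csv").write_text("id,amount\n1,250.00\n")
    (live / "notes").mkdir()
    (live / "notes" / "client.txt").write_text("Renewal due in May\n")

    mirror_sync(live, mirror)                    # the 'automatic overwrite' backup
    good = snapshot(live, vault, "2024-07-01")   # the offline, versioned backup

    toy_ransomware(live)                         # the encryption event
    mirror_sync(live, mirror)                    # nightly sync faithfully copies the damage

    mirror_intact = verify_against_manifest(good, mirror) == []
    live_changed = verify_against_manifest(good, live)  # "are my files really encrypted?"

    restore(good, live)                          # wipe and rebuild from the snapshot
    restored_intact = verify_against_manifest(good, live) == []
    shutil.rmtree(base)
    return {"mirror_intact": mirror_intact,
            "live_changed": live_changed,
            "restored_intact": restored_intact}


if __name__ == "__main__":
    print(run_scenario())
```

Running it reports that the mirror is no longer intact, that both live files fail verification after the encryption event, and that the tree rebuilt from the snapshot verifies cleanly. In production the same shape is achieved with tooling rather than a script: dated snapshots on media that is physically disconnected between runs, or versioned object storage with deletion and overwrite locked, plus a restore that is actually exercised and hash-checked before anyone relies on it.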

Another essential defense against cyber extortion is employee awareness training. Ransomware often enters an organization's systems via phishing emails that trick employees into opening malicious attachments.

Educating your employees about the threat of these attacks can greatly reduce their chances of becoming victims.

GRC eLearning's Ransomware Employee Awareness E-Learning Course teaches your staff what they need to know to stay safe.

This 45-minute course trains your team on the threat of ransomware and the steps they must take to protect your organization.

It includes a dedicated section on phishing and how cybercriminals use scam emails to infect organizations, so that your employees can spot phishing emails, respond appropriately and protect the business.
