How Cyber Extortion Works

Cyber attackers know that businesses may give in and pay extortion money, however unwilling they are to legitimize the attackers' methods. In addition, the growing popularity and availability of digital currencies such as Bitcoin enables attackers to carry out their extortion anonymously and avoid leaving a paper trail. Here are the cyber extortion modes you should watch for and the countermeasures you can take:

1. Ransomware

Ransomware is a type of malware that encrypts important data belonging to a business or an organization. In exchange for the decryption key and the return of control over company servers, attackers demand money from their victims. Cryptolocker ransomware has had a big resurgence these past few years. In particular, several hospitals have been hit by ransomware attacks, possibly because IT security was not a priority at those organizations. In the face of a growing number of ransomware attacks, companies need to prepare for an attack ahead of time.

To illustrate, when the Lincolnshire County Council became the target of cyber extortion via a ransomware attack in early 2016, several of its databases were inaccessible to the council's personnel. The attack also prevented the council's online libraries and booking systems from working for some time. In response, the council immediately shut down its servers and asked its security provider to retrieve its data from backups. These measures helped prevent the situation from escalating into a major security breach, and the council did not lose a penny in ransom payments. This shows how important it is for businesses to have backup systems for files, data and even bandwidth capacity, as well as a quick response plan in place.

2. Withholding sensitive data

Criminal hackers can profit from stolen data in a variety of ways. They can release and sell confidential information such as trade secrets and customer data, and other actors can in turn incorporate that data into schemes such as insider trading, phishing and identity fraud. To protect your organization against cyber attacks of this nature, you should:
- Avoid opening emails and their links or file attachments, especially attachments with ".exe" extensions, when they come from sources unknown to you.
- Use only secure websites, i.e. those showing https:// or a padlock icon at the start of the URL, which signifies that the browsing session is encrypted and that a digital certificate authenticates the site, protecting the integrity of the data being sent.
- Store the most valuable information locally on well-protected removable devices instead of a cloud drive. If cloud storage is really necessary, be sure to encrypt your files or data before uploading them.
- Verify that there has actually been a breach, not a false alarm or some trick deployed by fraudsters instructing you to prematurely update login credentials or other security information.
- Place a security freeze on credit or financial accounts, as this can help stop online thieves from completing illegal transactions on such accounts.
- Have your IT specialists use forensics to analyze web traffic and identify the cause of the hacking event.
- Communicate the problem along with planned solutions to all stakeholders, including management, employees, technical consultants, clients and media (if necessary).
- Implement your data breach plan: contain the leakage of data, remove the attacker's foothold from the system, patch affected systems and preserve evidence of the breach.
Against DDoS-based extortion, the countermeasures include:
- Setting up routers and firewalls to block traffic using basic filtering approaches.
- Sinkholing, i.e. diverting the attack traffic into a black hole.
- Using dedicated DDoS-mitigation hardware.
- Having multiple ISPs to maximize your available bandwidth.
- Taking advantage of cloud mitigation services' expertise and technology.
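As an added example (not code from the original article), here is a Python backup-verification script that records SHA-256 digests of a data directory ahead of time and later checks a backup copy against them, reporting missing files and changed files whose bytes look encrypted; a check like this tells you whether the backups you intend to restore from, as the council above did, are still intact. All file names and contents in demo() are constructed for the demonstration.

```python
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: encrypted data sits near 8.0, plain text far below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: Path) -> dict:
    """Trusted snapshot taken before any incident: relative path -> SHA-256 of each file."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(manifest: dict, backup: Path, threshold: float = 7.5) -> dict:
    """Check a backup tree against the manifest before trusting it for a restore.
    Changed files whose bytes look encrypted are flagged separately."""
    report = {"ok": [], "missing": [], "changed": [], "suspect_encrypted": []}
    for rel, digest in manifest.items():
        p = backup / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_of(p) == digest:
            report["ok"].append(rel)
        else:
            report["changed"].append(rel)
            if entropy(p.read_bytes()) >= threshold:
                report["suspect_encrypted"].append(rel)
    return report

def demo() -> dict:
    """Constructed scenario with hypothetical files: snapshot a data dir, then damage its backup."""
    base = Path(tempfile.mkdtemp())
    data, backup = base / "data", base / "backup"
    (data / "notes").mkdir(parents=True)
    (data / "readme.txt").write_text("Incident response plan v1\n")
    (data / "accounts.csv").write_text("id,name\n1,alice\n2,bob\n")
    (data / "notes" / "todo.txt").write_text("restore test on Friday\n")
    manifest = build_manifest(data)
    shutil.copytree(data, backup)
    # Simulate ransomware reaching the backup: one file overwritten with encrypted-looking bytes, one deleted
    (backup / "accounts.csv").write_bytes(bytes(range(256)) * 16)
    (backup / "notes" / "todo.txt").unlink()
    return verify_backup(manifest, backup)
```

Run demo() to see the report; in practice the manifest is built on the live data and kept off the network the backups share.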
Initial Response to Cyber Extortion

Hopefully, by now, you have prepared a Cyber Incident Response Plan to help you deal with the situation. This plan should contain the following elements:
- Response Team
- Initial Response
- Initial Investigation
- Recovery and Follow-up
- Public Relations
- Law Enforcement
Prevention of Future Cyber Attacks

To ensure that history won't repeat itself, here are the best practices that you should follow:
- Conduct regular security risk assessments and system configuration reviews to secure your network.
- Monitor personal computers and mobile devices that may inadvertently or improperly access critical internal systems. Test controls around these systems regularly, too.
- Educate end users about safe e-mail and web browsing practices, and test their behavior periodically.
- Conduct training sessions within your organization that cover extortion tactics, to increase your employees' security awareness.
- Simulate cyber extortion scenarios with third-party vendors and your organization to help you update and test your business continuity plans.
- Consider moving your data to the cloud as an alternative to distributing it across multiple endpoints, personal e-mail accounts and internal data center servers.
- Audit third-party vendor software and services.