Facing extortion used to be the stuff of spy movies and high crimes, not something everyday small and medium business owners had to face. Oh boy, have times changed! Now, with ransomware a household name, extortion is a common business occurrence.
Because the frequency of cyber attacks is so appallingly high, it’s important to familiarize yourself with the most typical forms of extortion. According to Amer Owaida at ESET, an anti-virus provider, ransomware is typically the most used form of digital extortion.
“The basic premise is that your device will be infested by ransomware using one of the various tactics hackers employ, such as duping you into clicking on a malicious link found in an email or posted on social media or shared with you through a direct instant message,” he explains. “After the malware makes its way into your device, it will either encrypt your files and won’t allow you to access them, or it will lock you out of your computer altogether, until you pay the ransom. It is also worth mentioning that some ransomware groups have added a new functionality: a form of doxing wherein they traverse your files looking for sensitive information, which they will threaten to release unless you pay them an additional fee. This could be considered a form of double extortion.”
Another frequently used method of extortion is when hackers steal your data and threaten to publish it unless you pay a ransom. While this used to be the “traditional” data breach hack, now ransomware groups have adopted this strategy as well, as if a data breach alone isn’t devastating enough to an organization.
Some of the most despised forms of extortion are sextortion and sextortion scams. Sextortion is basically old-school blackmail conducted over the Internet. These scams often begin on dating platforms with the attacker catfishing the victim in order to obtain sensitive photos. In a sextortion scam, meanwhile, the attacker is bluffing. Often, the scammer will send out emails to a large group suggesting to recipients that a hacker has obtained embarrassing footage of them via their webcams. If the scammer sends out enough of these emails, at least some of the recipients will fall for it because of bad timing and a heavy dose of guilt.
The last type of extortion blasts DDoS attacks against an organization until the victim pays a ransom. These attacks can go on for days, potentially costing the targeted organization hundreds of thousands of dollars. It’s like getting attacked by ants on multiple fronts. They never stop coming!
In each of these scenarios, victims should avoid paying the ransom. Not unlike the government, which says it won’t negotiate with terrorists, you should refuse: paying an extortionist only encourages future crimes, and it also marks you as someone who’s willing to pay. Most victims who pay the ransom end up attacked again in less than a month.
“There are multiple steps you can take to lower the risks of ending up in the crosshairs of cyber-extortionists,” Owaida suggests. “For starters, you should always implement cybersecurity practices both in your work and personal lives, which include using two-factor authentication and keeping all your devices patched and up to date. You should also avoid recycling passwords – since those are responsible for many account compromises – use strong passwords or passphrases, and avoid oversharing information that could be used against you.”
Source: KnowBe4, ESET