Cyber extortion threats are on the rise. The threat the hacker uses is that if a certain amount of money is not paid, then information of some sort will be exposed. Hackers gain access through a digital break in. Cyber extortion is different then ransomware attacks. Ransomware will render a hard drive/server/file unreadable/unaccessible until a ransom is paid. Extornists threaten to expose sensitive material and people are paying them. But, in some cases the threats are just that – threats, and the hackers are bluffing.
Cyber extortion can take many forms. The below, is by no means, an exhaustive list.
*Denial-of-Service attacks – attack happens, and then hackers demand money to stop the attack.
*Patient data attacks – taking information from server and then hackers demand money to stop the publication of PII and/or medical information of patients.
*Installing malware – for example installing malware on an executive’s individual computer, taking data and then demanding money to keep that information from going public.
*Disgruntled employee attack – employee breaks in to company’s computer system and wreaks havoc. This type of hacker usually wants recognition, not necessarily money, but it will still cost the company money cleaning up the mess.
*Law firm attack. Law firm is breached and data taken. This data can take the form of intellectual property, mergers, or any type of litigation. The data can then be used to generate better outcome for one side of the litigation, or can be used to embarrass firms. Hackers may also do this for political gain.
*Hackers can plant information, in addition to malware. Interestingly, cyber extortionists can plant child pornography on an executive’s computer, and then threaten to make that information public.
*Hackers can release personal data. Hackers can also access an executive’s computer and threaten to release private information such as credit card information, PII, or embarrassing pictures/sexts.
Payment will not guarantee that the issue will be resolved.
How to protect against this? Protective measures are imperative in today’s world. Backing up data, practicing cyber hygiene, having a current incident response plan, data encryption, constant risk assessment, and weighing which data is most important are some of the protective measures all of us can take to protect against cyber extortion. Also, it is important to get cyber extortion insurance coverage to protect against the losses incurred.