By Alastair Paterson
If you’re familiar with mafia movies then you’re familiar with extortion – the practice of obtaining something, especially money, through force or threats.
Extortion has been around for centuries – well before The Godfather or Goodfellas. Even cyber extortion, which extends this criminal activity into the digital world, isn’t new. What is new, however, is the wide variety of methods that are used by the bad guys to get their money.
Types of cyber extortion
Three main tactics are behind cyber extortion: the threat of distributed denial of service (DDoS), the threat of data compromise and ransomware.
DDoS attacks are one of the most popular means to facilitate extortion. These types of attacks typically target business-critical websites in order to increase the likelihood of payment, usually via Bitcoin (BTC), and can have crippling effects on organizations.
A second method of extortion involves the potential release of compromised data. This method is dependent on the fact that the target’s data has already been compromised. The threat of its release to the public domain is used as blackmail in order to extort money from the affected entity.
A third type of extortion – and the one most often in the news as of late – is ransomware, malicious software (malware) that restricts access to the computer system it has infected. The malware demands that a ransom be paid before restoring access to affected resources.
Ransomware can prevent access to many features of a victim’s machine, including files, applications and the operating system itself.
At a high-level, the ransomware process is fairly standard. Files are encrypted and the attackers, who hold the decryption key, will only allow the target to decrypt the files after the required BTC ransom is paid. Specific details of the attack, however, will depend on the variant.
Until recently, ransomware has been delivered most commonly via drive-by-downloads from exploit kits, or through spam emails that either contain malicious attachments or encourage recipients to visit websites hosting malicious content.
But we see that starting to change, with threat actors using more targeted methods to achieve their objective, such as spear-phishing emails purporting to be from a job applicant or including the name, job title and job-relevant information of the recipient.
How to combat cyber extortion?
So how can you combat cyber extortion? Cyber situational awareness can give you greater insights into the tools and processes used by actors that employ DDoS-based extortion and compromised data release extortion.
Advanced knowledge of the typical demands of a threat actor and their capabilities can help you make difficult decisions if presented with such a scenario and help you prevent future attacks.
Mitigating ransomware threats is more complex. It requires a combination of technical and process controls and company-wide engagement – from employees, to executives, to IT security teams.
Cyber situational awareness can help you understand the infection vectors of the malware and apply the appropriate security controls to mitigate the risk of infection. This includes insights you can use to raise staff awareness of how ransomware attacks occur and help you devise technical and procedural controls to prevent infection and to develop ransomware response procedures in the case of infection.
Of course, ensuring that backups are maintained and are separate from the network can increase resilience to such attacks. In addition, several decryption tools have been released but, in the cat-and-mouse game between ransomware and such tools, their effectiveness tends to be short-lived; ransomware developers are continuously developing encryption methods to evade them.
As defenders, staying up-to-date with the latest trends and innovation can be hard, but it is essential in order to effectively prevent and mitigate the effects of extortion on your business.