Understanding cyber extortion and how you can protect against it
Cyber extortion is a form of cybercrime where attackers demand payment or other forms of compensation from victims by threatening to damage, disrupt, or expose sensitive data. This can take various forms, including ransomware attacks, where data is encrypted until a ransom is paid, and threats to launch Distributed Denial of Service (DDoS) attacks or release stolen information.
The significance of cyber extortion in today’s digital world cannot be overstated, especially as its ever-increasing frequency affects businesses, governments and individuals. The costs associated with cyber extortion can be substantial, with ransom payments, downtime and recovery expenses being crippling. Cyber insurance policies can be used to provide cover against the risks associated with cyber extortion.
How does cyber extortion differ from other types of cybercrime?
The primary motive in cyber extortion is financial gain through coercion. In contrast, other cybercrimes, such as data breaches or espionage, might aim to steal information for long-term exploitation or competitive advantage.
Cyber extortion involves direct interaction between the attacker and the victim, typically through ransom demands and negotiations. Other cybercrimes, like hacking or malware distribution, may not involve any direct contact with the victim.
Cyber extortion specifically involves threats of damaging actions, such as data destruction, service disruption, or public exposure if the victim does not comply. Other cybercrimes may involve immediate theft or damage without any prior warning or demand.
Personally Identifiable Information (PII) drives the impact of cyber extortion, while evolving extortion tactics mean there are constantly new challenges to protect against threats. By understanding the specific characteristics and types of cyber extortion, organisations and individuals can better prepare to defend against and respond to these types of cyber threats.
What are the different types of cyber extortion?
Here we outline some of the ways that cybercriminals can try to access sensitive data and systems. These are the threats that can be guarded against using strong cybersecurity practices and covered using a cyber insurance policy paired with a crime insurance policy.
Ransomware
Ransomware can be delivered through a range of methods, including phishing emails or malicious websites. Drive-by downloads can mean ransomware is downloaded without any action from the user. Ransomware can also often exploit software vulnerabilities to gain access to sensitive data and networks.
Once active, ransomware can execute under the guise of a legitimate process to avoid detection, initiating a targeted file scan, usually in search of sensitive documents or databases. At this stage, the ransomware uses advanced encryption algorithms to make files unreadable, with the encryption key being the only means of unlocking them. Victims of ransomware will then receive communications demanding payment in exchange for this key.
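The encryption stage described above leaves a measurable trace: readable files are rewritten as near-random bytes, many of them in a short time, by one process. The following is an added example, not part of the original article, of a detection heuristic built on that trace; the event format, process names, paths and thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, roughly 4-5 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_encryption_burst(events, high=7.2, jump=2.5, window=60, min_files=3):
    """events: (unix_time, process, path, bytes_before, bytes_after) write records.
    Returns {process: [paths]} for processes that rewrote at least `min_files`
    files from low to high entropy within `window` seconds."""
    hits = {}
    for ts, proc, path, before, after in sorted(events, key=lambda e: e[0]):
        e_before, e_after = shannon_entropy(before), shannon_entropy(after)
        if e_after >= high and e_after - e_before >= jump:
            hits.setdefault(proc, []).append((ts, path))
    flagged = {}
    for proc, writes in hits.items():
        start = 0
        for end in range(len(writes)):
            # Shrink the window from the left until it spans at most `window` seconds.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if end - start + 1 >= min_files:
                flagged[proc] = [p for _, p in writes[start:end + 1]]
                break
    return flagged

# Constructed sample data: readable text versus pseudo-random bytes standing in
# for ciphertext (SHA-256 output is used only to get deterministic high entropy).
TEXT = b"Invoice 2024-03: customer name, address, account number, amount due.\n" * 60
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(128))

SAMPLE_EVENTS = [
    (1000, "editor.exe", "C:/docs/notes.txt", TEXT, TEXT + b"one more line\n"),
    (1005, "archiver.exe", "C:/docs/old.zip", TEXT, CIPHERLIKE),  # one file only
    (1010, "updater.exe", "C:/docs/invoices.xlsx", TEXT, CIPHERLIKE),
    (1012, "updater.exe", "C:/docs/customers.db", TEXT, CIPHERLIKE),
    (1015, "updater.exe", "C:/docs/payroll.csv", TEXT, CIPHERLIKE),
]

if __name__ == "__main__":
    for proc, paths in flag_encryption_burst(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(paths)} files turned high-entropy: {paths}")
```

Compression and legitimate encryption also produce high-entropy output, which is why the check requires several files from one process inside the time window rather than a single write.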
Distributed Denial of Service (DDoS) Attacks
DDoS attacks involve overwhelming a target system, server, or network with an excessive amount of traffic. This traffic is generated by a network of compromised computers, known as a botnet, which is controlled by the attacker. Other methods can include using multiple sources to spread such traffic across many locations, making it difficult to filter out malicious traffic.
Initially an attack will cause significant disruption to the target’s online services. This will serve as a demonstration of the attacker’s capability to take down the system. Much like ransomware, the user will then receive a demand for payment from the attacker with attached payment instructions. Alongside this, there will be threats of further attacks in the event of non-payment.
Data Theft and Threats
There are many methods of data theft attackers can use to access sensitive data. Phishing attacks can be used to trick an individual into providing access to a network, while more sophisticated attacks can involve attackers exploiting vulnerabilities in software. Cybercriminals have been known to collude with insiders to gain access and steal data from within the organisation. In some cases, communications between legitimate parties can also be intercepted while sensitive data is being transmitted over networks.
After stealing sensitive data, cybercriminals will notify the victim, demonstrating that they have the data by providing samples or screenshots. As with the other methods discussed, there will then be a ransom note, likely with a deadline to create a sense of panic and urgency for the victim. There will be an attached method of anonymous payment, such as cryptocurrency. Following this, there may be an escalation in the form of releasing partial data or increasing the ransom amount. As with the other methods of cyber extortion, this can lead to significant reputational damage, while legal and regulatory consequences may also add pressure on the victim to comply.
What are the impacts of cyber extortion?
Cyber extortion carries a large impact on both businesses and individuals, with a combination of first-party and third-party consequences for breaches and attacks of this kind.
Ransom Payments – Paying the ransom itself can be a significant financial burden, with demands often reaching thousands or even millions. It’s also an important consideration that attackers may not even provide the decryption keys after payment and may commit more attacks in the future.
Downtime Costs – During any downtime resulting from an attack, employees may be unable to perform their duties, leading to significant losses in productivity. There can also be lost sales in this period and missed business opportunities, which can be a real problem for any business. Customer dissatisfaction is likely to spike in times like these, potentially costing an organisation future business and reputational damage.
Data Recovery Costs – Hiring cybersecurity experts to remove malware or restore systems will incur significant costs, while restoring data from backups involves serious amounts of time and resources. Post-incident, businesses may need to invest in security measures, hardware and software to prevent future attacks. These will add to the overall costs greatly.
Additional Costs – Non-compliance with data protection regulations such as GDPR can result in hefty fines and penalties. The costs associated with managing public relations after data breaches are often severe, while there is the added possibility that insurance premiums will increase as a result of the heightened risk profile attached to the organisation.
Prevention Strategies
There are many steps an organisation can take to limit the likelihood of any cyber extortion incidents. These, when combined with a cyber insurance policy, can be used to combat cyber extortion effectively and robustly.
Regular data backups
Regular data backups ensure the ability to restore lost or corrupted data to minimise downtime and disruption to business operations after an incident. Recent backups are vital to the restoration of data and may enable an organisation to avoid paying a ransom. These backups can also provide protection against corruption or accidental deletion of data. It’s important to ensure these backups are not connected to the same network as the original data, to provide isolation from cyber attacks.
Security awareness training
The training administered to employees is the first line of defence when it comes to protecting against phishing scams and other breaches resulting from human error. Teaching staff to recognise red flags such as suspicious links and emails or unsolicited requests for sensitive information will increase digital safety within an organisation. Understanding the methods of manipulation used by attackers will be enormously beneficial to both employees and organisations.
Endpoint protection
The use of endpoint protection methods such as intrusion detection systems (IDS) and firewalls can provide an invaluable layer of protection against cyber extortion. IDS can detect suspicious behaviour and known attack patterns. Firewalls can filter traffic, acting as a barrier between trusted internal networks and untrusted external ones. Protection methods such as these can provide a layered defence system against ransomware and other forms of cyber attack.
Patch management
Keeping software up to date with regular patches can mitigate cyber extortion by constantly closing any vulnerabilities in software. Updates often contain enhanced security mechanisms, while also fixing any bugs discovered in other instances of stress testing. Up-to-date software generally means more efficient processes, which can aid in both cyber security and overall productivity.
What to consider when responding to cyber extortion?
Incident Response Plans
A documented incident response plan can provide a clear step-by-step procedure to respond to cyber extortion, ensuring an effective and coordinated response. Having a well-documented plan will minimise confusion, likely resulting in less downtime and all members of an organisation knowing their roles and responsibilities. A clear set of procedures will likely lead to earlier detection, allowing for a swift identification and assessment of the threat. It's important to note that organisations can collaborate with insurance companies through their cyber policies to produce a clear incident plan. Insurers will have access to cybersecurity experts while being able to offer insight into best practices in the event of cybercrime.
Containment and Eradication
Swift disconnection of affected systems is vital in the event of cyber extortion. Examining system logs to trace the activity of any malware will lead to a quicker containment of the threat. Blocking malicious domains using firewalls will halt communications with the cyber extortionist in some cases, before antivirus and anti-malware tools can remove ransomware.
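As an added example, not part of the original article, the log review described above can be done by matching DNS query logs against the domains being blocked, which shows which systems to disconnect and when each first made contact. The log format (time, client IP, queried name, record type), the blocklist entries and the addresses are constructed assumptions.

```python
from datetime import datetime

def is_blocked(qname, blocklist):
    """Match the name itself or any parent domain, on label boundaries only."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def hosts_to_isolate(log_lines, blocklist):
    """Return affected hosts, earliest contact first, with what each one queried."""
    seen = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        stamp, client, qname, _qtype = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # skip lines whose timestamp does not parse
        if not is_blocked(qname, blocklist):
            continue
        rec = seen.setdefault(client, {"host": client, "first_seen": when,
                                       "domains": set(), "queries": 0})
        rec["first_seen"] = min(rec["first_seen"], when)
        rec["domains"].add(qname.lower().rstrip("."))
        rec["queries"] += 1
    return sorted(seen.values(), key=lambda r: r["first_seen"])

# Constructed sample data using reserved test domains and private addresses.
BLOCKLIST = {"payments-cdn.test", "files-sync.example"}
SAMPLE_LOG = """\
2024-05-01T09:14:02Z 10.0.4.23 intranet.corp.example A
2024-05-01T09:14:40Z 10.0.4.23 files-sync.example A
2024-05-01T09:15:10Z 10.0.7.5 api.payments-cdn.test A
2024-05-01T09:15:11Z 10.0.4.23 API.Payments-CDN.test. AAAA
2024-05-01T09:16:00Z 10.0.9.9 notpayments-cdn.test A
truncated-line 10.0.9.9
""".splitlines()

if __name__ == "__main__":
    for rec in hosts_to_isolate(SAMPLE_LOG, BLOCKLIST):
        print(rec["host"], rec["first_seen"].isoformat(), rec["queries"],
              sorted(rec["domains"]))
```

The earliest first-contact time gives a lower bound on when the incident began, which helps when choosing a backup that predates it.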
Payment Decision
In the event of cyber extortion, it can be difficult to know whether to pay the ransom involved. There can be ethical considerations surrounding whether an organisation wants to be seen to be encouraging this kind of activity, as well as any legal advice. It’s important to consider the likelihood of data recovery in these instances, since there is no guarantee in instances of cyber extortion. There may be alternative data recovery methods such as backups that make paying less necessary. Considering the ransom cost against the cost of downtime and recovery is important when making a decision, as well as any insurance coverage an organisation may possess.