Ransomware is one of the biggest trends in cybersecurity right now. The tactic, which generally involves encrypting or otherwise preventing access to devices or data until a ransom is paid, can be easy to execute and prove highly lucrative.
However, some companies have found that by taking preventative steps such as frequently backing up systems in multiple locations, they can mitigate the worst of the damage. Therefore, criminals have had to evolve their attacks in order to increase their chances of being paid. Frequently, this sees hackers turn to extortion tactics.
What is extortionware?
As a result of growing awareness of the threat, partly thanks to highly publicized incidents such as WannaCry and NotPetya, traditional ransomware techniques that aim to encrypt data are no longer the most popular form of attack. In fact, according to research by Venafi, only around one in six ransomware incidents (17%) now solely demand money in exchange for a decryption key.
Instead, it claims 83% of attacks now involve some form of extortion effort, where criminals threaten to do further harm to a business unless they receive a payment.
These types of attacks are often more highly targeted than relatively indiscriminate ransomware efforts, with hackers focusing their energies on businesses that contain highly sensitive or confidential data, or those that would be especially damaged by any interruption in service.
How does extortionware usually work?
The most familiar form of extortionware is commonly known as 'double extortion' ransomware. In these attacks, instead of just encrypting data, criminals also exfiltrate it from the business. In this case, companies are usually told that if they fail to pay the ransom to decrypt their data within a certain time, the stolen documents will be published online.
Such threats to expose exfiltrated data can be particularly effective against businesses that hold information such as intellectual property, trade secrets or valuable customer details, and can therefore act as a powerful motivator to companies that would otherwise ignore demands and attempt their own data recovery.
This can leave businesses facing a serious dilemma. Failure to pay up could mean losing a competitive advantage or lead to reputational damage as the business is publicly shamed as an organization with poor security, which can result in losing potential customers who can no longer trust it with their data.
On the other hand, if companies do pay, this sends a message to every criminal out there that they’re a worthwhile target, which can lead to them facing many more similar attacks in the future, resulting in much higher long-term security and mitigation costs, as well as making it harder to secure cyber insurance.
Other types of cyber extortion
Another technique may be to target individual employees with the threat of releasing compromising or embarrassing information unless they provide a ransom payment. For instance, in 2021, criminals claimed to have obtained details of the pornography habits of an IT director at a major US firm, while elsewhere, hackers said they had found evidence of fraud within a firm's emails.
As well as demanding a ransom directly, such information could even be used as blackmail material to force an employee to steal more data or install malware, in effect turning them into a malicious insider for further attacks.
For businesses that depend on real-time services, a hacker may not even have to do anything to earn money beyond contacting a firm and threatening to launch a distributed denial of service attack unless the firm pays up.
Why is extortionware so dangerous?
Extortionware places a great deal of pressure on businesses to pay up quickly to avoid damaging headlines and the loss of what may be years or decades of confidential work. For businesses that have large research and development divisions, for example, having this information published could be hugely costly, both financially and by giving away critical secrets to competitors.
The reputational consequences can also be significant for both businesses and their customers. For example, in 2020, the hacking group REvil targeted a Los Angeles law firm whose clients included the likes of Lady Gaga, Drake and Madonna, claiming to have 756 gigabytes of stolen data such as embarrassing photos, personal correspondence, phone numbers and contracts of many celebrities. Having such information released could have cost the firm many major clients, as well as future business.
How can you avoid falling victim to extortionware?
Once your data is in the hands of criminals, there's often very little you can do to get out of the situation. After a demand has been made, every option comes with serious downsides, so whether you pay up or not, you're putting the company's finances, reputation and future security at risk.
As a result, prevention must be where you focus your efforts. While familiar antimalware solutions, next-generation firewalls and user training are all vital elements in reducing your risk, tools that can specifically look for unusual activity within your network in order to spot any efforts to remove files are essential.
Anti-data exfiltration technology typically works by monitoring your network activity for unusual behavior or traffic. For example, it can sound the alarm if confidential files are being accessed by unauthorized accounts or being copied and transferred at a much higher volume than normal. This then automatically blocks the activities to ensure you don't end up with any nasty surprises.
Further reading:
- Search and Destroy: 3 Methods of Detecting Ransomware Attacks
- How to Prevent Ransomware from Becoming a Cyber Disaster
- Endpoint Security Buyers Guide
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...