Ransomware is evolving.
Fraudsters have now invented Extortionware.
Hackers have realised that if they encrypt files and demand a ransom, there is a risk that the ransom won’t get paid; their goal of financial gain will have been thwarted.
Not known for their stupidity hackers have, once again, developed a clever solution; steal the data, rather than encrypt it, then threaten to sell or distribute it.
Extortionware is taking many forms but it commonly thrives on the threat to expose a business to reputational damage. Data hasn’t been lost, but rather duplicated.
A cosmetic surgery chain had ‘before and after’ images stolen. Extortionists threatened to expose the photographs if the ransom wasn’t paid.
Another common theme of Extortionware is where criminals seek out embarrassing personal information on company personnel (the higher up the hierarchy, the better). Once the data is stolen the victim then risks seeing their personal secrets splashed for all to see if they don’t pay up.
On another occasion fraudsters actually managed to expose company fraud, so whilst we appreciate that is not necessarily a bad thing, the methodology most certainly is!
The threat of Ransomware is weakened when thorough backups take place; hackers encrypt the data but organisations are able to restore their data. Whilst this can take considerable time, it is possible and serves as damage limitation.
Backing up DOES NOT protect against Extortionware. Once the data has been stolen it could end up anywhere… even if the ransom is paid!
Whilst our examples of Extortionware relate to specific situations and businesses, any data loss can lead to immense reputational damage and possible fines if data protection is breached. No business wants to be responsible for losing control of their customers’ information.
Hackers are clever so we need to be cleverer. Putting rigorous IT Security in place is essential in order to protect against a security breach. Multi-layered security is vital, cutting off points of entry wherever they are.
Net Primates can undertake a security audit of your organisation, identify areas of weakness, and provide solutions that will help to keep you well-protected; hackers will be held at bay and your business will remain safe.