Why Ransomware Extortion is a Threat

Over the last few years, ransomware has gone from being a little-known threat to one of the biggest cyberthreats facing every business. Attacks that seek to make key files or devices inaccessible until a ransom is paid are now big business, with demands climbing from a few thousand dollars to hundreds of thousands or even millions if companies are to regain access to their systems.

In 2021, a joint advisory published by the FBI, NSA, UK National Cyber Security Center and others highlighted the increasingly globalized nature of these threats. It noted, for example, that 14 of 16 critical infrastructure sectors in the US had come under ransomware attack in the previous year. Meanwhile, IDC estimates one in three organizations globally fell victim to a ransomware attack last year.

However, more traditional types of ransomware that merely seek to encrypt files are quickly being displaced as businesses shore up their defenses with tools such as effective backups. Criminals have therefore had to turn to new methods in order to extract a return from their attacks.

The Rise of Extortion Ransomware

Previously, most ransomware worked by encrypting files. These could be business documents, or system files whose loss prevents devices from working altogether. Cybercriminals then demanded payment in exchange for the decryption key. But this is no longer the case. Today, the majority of ransomware attacks include an extortion threat.

In a typical ransomware extortion scheme, files are not only encrypted, but are also copied and exfiltrated from the network. Then, when the time comes to demand payment, hackers also say that if the business doesn’t meet their ransom demands within a given timeframe, they will publish the stolen files, or undertake some other activity to harm the business, such as a DDoS attack.

This is known as double, or even triple extortion, with threats to release confidential information to the public, disrupt internet access or inform customers, shareholders or other partners about the incident unless they pay the ransom.

It puts more pressure on businesses to make a quick decision, boosts the odds of criminals getting a big payout and increases the number of risks firms are exposed to, so this type of ransomware is something every firm should be concerned about.

Why Extortion Poses Big Problems

There are numerous additional problems that a ransomware extortion attack can bring. One of the biggest issues is the potential for highly confidential corporate information to be released publicly. This may include trade secrets or upcoming product designs, the loss of which can see firms lose their competitive edge.

There’s also the potential for scrutiny by regulators or shareholders. This can lead to large fines if certain information such as customer details is compromised, as well as class-action lawsuits from those affected.

Finally, there’s the long-term reputational damage that this can cause. Many customers won’t do business with an organization that has a track record of failing to protect personal data, so this can result in significant lost business for months, or even years to come.

In some cases – especially for smaller firms – the damage this can do to their brand can even prove fatal. For instance, it has been previously estimated by the National Cyber Security Alliance that some 60 percent of small companies go out of business within six months after falling victim to a data breach. Even large firms may struggle, with the average total cost arising from such breaches now reaching $4.24 million, according to the Ponemon Institute.

Defending Against Extortion

As is the case with any cyberattack, the best defense against ransomware extortion attacks is to avoid falling victim in the first place. This means deploying comprehensive cybersecurity tools, including firewalls, anti-malware solutions and endpoint protection, alongside user education, to minimize the risk of ransomware infiltrating networks.

However, this can never offer a 100 percent guarantee, and it may only take one well-crafted phishing email, or a newly-discovered vulnerability that has not yet been patched, for this work to be undone.

When it comes to tackling ransomware extortion, one of the best solutions is an effective anti-data exfiltration (ADX) tool. This monitors traffic and behavior within your network to quickly spot any telltale signs that data is being stolen for use in extortion schemes, such as unauthorized access to files or a large volume of traffic leaving the network at unusual times.
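
One of the signals described above, a large volume of traffic leaving the network at unusual times, can be checked against flow logs. The following is an added example, not code from the original post or from any ADX product; the flow record layout, the 10.0.0.0/8 internal range, the 08:00-18:00 weekday business hours and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed sample flow records: (timestamp, source host, destination IP, bytes sent)
FLOWS = [
    ("2024-03-04T09:15:00", "fileserver01", "203.0.113.10", 40_000_000),
    ("2024-03-04T11:40:00", "fileserver01", "203.0.113.10", 55_000_000),
    ("2024-03-04T14:05:00", "fileserver01", "198.51.100.7", 35_000_000),
    ("2024-03-04T15:30:00", "fileserver01", "10.0.0.25", 900_000_000),  # internal, ignored
    ("2024-03-05T02:10:00", "fileserver01", "192.0.2.44", 2_500_000_000),
    ("2024-03-05T02:40:00", "fileserver01", "192.0.2.44", 3_100_000_000),
    ("2024-03-04T10:00:00", "workstation17", "203.0.113.10", 5_000_000),
    ("2024-03-04T23:30:00", "workstation17", "203.0.113.10", 6_000_000),
]

def is_business_hour(hour_bucket):
    """hour_bucket is 'YYYY-MM-DDTHH'; assumed business hours are Mon-Fri 08:00-18:00."""
    t = datetime.strptime(hour_bucket, "%Y-%m-%dT%H")
    return t.weekday() < 5 and 8 <= t.hour < 18

def off_hours_egress_alerts(flows, factor=10, floor=100_000_000):
    """Flag off-hours hourly egress far above a host's own business-hours median."""
    hourly = defaultdict(int)  # (host, hour bucket) -> bytes sent to external addresses
    for ts, host, dst, sent in flows:
        if ip_address(dst) in INTERNAL_NET:
            continue  # only traffic leaving the network counts
        hourly[(host, ts[:13])] += sent

    business = defaultdict(list)  # host -> hourly totals seen during business hours
    for (host, hour), total in hourly.items():
        if is_business_hour(hour):
            business[host].append(total)

    alerts = []
    for (host, hour), total in sorted(hourly.items()):
        if is_business_hour(hour):
            continue
        baseline = median(business[host]) if business[host] else 0
        # The floor stops tiny baselines from turning routine traffic into alerts.
        if total > max(floor, factor * baseline):
            alerts.append((host, hour, total))
    return alerts

if __name__ == "__main__":
    for host, hour, total in off_hours_egress_alerts(FLOWS):
        print(f"ALERT {host} sent {total:,} bytes externally during {hour}")
```
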

Having comprehensive ransomware insurance can also help firms recover in the event they do fall victim. While these products can’t prevent extortion attacks on their own, they could help you mitigate some of the financial impacts of an incident. They can assist in areas such as the costs of incident response and investigation, hardening systems to prevent future attacks, and external consultants. 

They may also help reimburse any ransoms that are paid, but this is by no means a guarantee – and could still leave you exposed to being targeted in the future if you decide to pay. The best defense is prevention and the deployment of new tools, such as ADX, to reduce the ability of hackers to access the data they need to extort the business.

*** This is a Security Bloggers Network syndicated blog from BlackFog authored by Brenda Robb. Read the original post at: