Security Experts:

The Rise of Cyber Extortion

Cyber Extortion

In 1824, the Duke of Wellington received a letter from a publisher threatening to publish a memoir by his former mistress. The publisher offered to keep the Duke out of the book if he received a sum of money. The Duke reportedly sent the letter back with “Publish and be damned” scrawled on the back.

Fast forward hundreds of years later, extortion not only exists but is thriving. In fact, it has bled over to the digital world.

Over the last couple of years, cyber extortions have revolved around the most valuable aspect of the digital age – data. The first case of cyber extortion, as reported by Thomas Whiteside in his book Computer Capers, occurred in 1971 when two reels of magnetic tape belonging to a branch of the Bank of America were stolen at Los Angeles International Airport. The thieves demanded money for their return, but the ransom was not paid because tape backup was available.

But things have escalated since.

Cyber extortions have taken on multiple forms, all focused on data – encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data:

Ransomware - As the name suggests, ransomware is a type of malware propagated via the traditional means – phishing emails, website drivebys, malvertising. Once the victim’s device is infected, the ransomware begins to encrypt private files the data, before popping up a message demanding a ransom in exchange for the encryption key. Adevastating case of ransomware was Cryptolocker where the attackers demanded payment of $300 in Bitcoins within three days to not only decrypt the files, but to prevent them from being destroyed forever.

Denial-of-service attacks - A denial-of-service attack is when an organization’s website or online business is flooded by so much traffic that legitimate users are denied access. In an extortion situation, the cyber extortionists demand money to stop the DDoS. These attacks can be difficult to stop and impacts financial revenue. Many tech startups are reportedly targets because many do not have the infrastructure to defend against them. Meetup, Basecamp, Bit.ly, Shutterstock and MailChimp have all been targeted.

Holding sensitive data hostage – Stealing data and threatening exposure is nothing new. In 2007, Nokia paid millions of euros to ensure that an encryption key for their Symbian OS would not be released to the public. In June 2014, a cyber extortionist group called Rex Mundi claimed it had customer records for 650,000 European Domino's Pizza customers. Rex Mundi threatened to release those records if the company didn't pay a ransom of about $41,000. In January 2015, the same group demanded a ransom from a bank in exchange for nothing releasing 30,000 emails with sensitive data if the bank didn’t pay a ransom. Neither victim paid.

Holding AWS accounts hostage – In June of last year, an attacker took over Code Spaces’ AWS administrative panel, and offered to return controls for a price. When the company refused, the attacker began to delete data, backups and configurations, putting Code Spaces out of business. The same pattern of attack occurred with Websolr and Bonsai, two search application infrastructure services provided by One More Cloud LLC, but they managed to recover.

One of the reasons these attacks have grown exponentially is because of the availability of digital currency. Instead of having to deal with physical cash and paper trails, extortionists now benefit from anonymized digital transactions with Bitcoin. Anyone can set up a Bitcoin wallet address without any financial oversight, which means any cyber extortionist can carry out an attack and extract payment.

Is there anything that can be done to prevent cyber extortion? Quite simply, identify and categorize your data. Spend your efforts protecting the most critical data. The easiest way to do this is by moving your data to the cloud. Why? Because when your data is in a corporate approved cloud storage application, you’ll know exactly where it is versus being distributed across multiple endpoints, personal email accounts and internal servers in data centers. The combination of security from your cloud application vendor, and a cloud access security broker probably delivers better security than most organizations can for their internal data center.

As long as companies continue to pay ransoms when attacked, we should expect cyber extortion to continue in 2015.

Related:30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals

view counter
Danelle is VP of Strategy and Marketing at SafeBreach. She has more than 15 years of experience bringing new technologies to market. Prior to SafeBreach, Danelle led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also responsible for security solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. You can follow her at @DanelleAu.