Both Police & Business Must Deal With Cyber Extortion

In the film “Ransom”, Mel Gibson plays the role of a father who is trying to save his son kidnapped by a villain, and eventually leads an FBI team in a courageous rescue operation. However, nowadays the tactic of modern criminals is much more sophisticated. Instead of human hostages, the villain now holds hostage the business information.

Hospitals, government organizations and banks were target to ransomware, and confronting this challenge can be traumatic. Ransomware is a type of malware, that prevents the access to a user’s files unless a ransom is paid. The number of such attacks has risen by 16% during the last year.

The first ransom attacks were on a low level, they were operated by email and included DDoS attack threats, or encryption of devices by force, while demanding payment for access renewal. Financial organizations have been a constant target.

Later the Hackers tactic changed. While the number of attacks has increased dramatically, Hackers groups now chose to launch attacks of very specific intensity, in order to showcase the victims their capability of precision. Another trend has been the public humiliation of victims, as in the attack on Ashley Madison online dating website. In such cases, the hackers already possess access to information and the victims pay the ransom just to assure that their information does not leak to the public sphere.

Hackers also perpetrated advertising malware campaigns, in which innocent users visit legitimate websites. The widespread use of cloud services has made the service suppliers a target as well. This trend might have a devastating influence that could potentially cause a domino effect by indirectly contaminate the customer of the service providers.

Despite the increasing prevalence of cyber-attacks, it seems that organisations are unaware of the best practice of responding to ransom demands. In fact, a research found that only 28% of the cyber extortion cases are actually reported to the authorities, i.e. the victims prefer to pay ransom on risking in the publication of sensitive information.

The FBI recently published a recommendation saying that “paying ransom does not only encourage cyber criminals to be involved in this illegal activity… By paying ransom, organizations inevitably supply funding to other illegal activities of the criminals”. Moreover, the criminals are encouraged to attack the same target again if as it was willing to pay.

Organisations have started to educate their employees about the ransomware risks and the right response. However, first they have to assure that the applications incorporated in the information systems are secure.

The first milestone should be a full evaluation of the business’ present infrastructure in order to evaluate if it can sustain a hacker attack. Then, the incorporation of on premise and cloud services can help during an attack and prove effective in accordance to the volume and magnitude of the attack.

Another element should be the assurance that the business in 24/7 secured. Today, a rapid access to experts, reports and analysis have become a critical demand in order to secure the business and is end customers. with the widening scope of ransomware threats, businesses today prefer more managed security services with high level expertise.

During recent years, the trend has changed – businesses react immediately to hackers’ ransom demands instead of taking them serious only when the price tag appears. Although it is a positive evolution, other organizations turn to the other extremity and pay hackers without checking in depth the situation, a sort of conduct that might only intensify the problem.

Taking the adequate measures for securing applications will lower the prospects to cyber extortion.

I-HLS:     How To Deal With The Rising Tide Of Ransomware:    What Should You Do If Your Business Is Hacked? (£)

 

« Israel To Assist Nigeria With Cybersecurity
Five major Russian Banks Attacked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Sonet.io

Sonet.io

Sonet.io is built for IT leaders that want a great experience for their remote workers, while enhancing security and observability.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Haiku

Haiku

Haiku stands at the forefront of cybersecurity upskilling, leveraging video games to immerse you in a flow state for accelerated, enduring learning.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.

Staris

Staris

Human based defense is dead. Staris is reinventing application security for an increasingly AI driven world.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.