Both Police & Business Must Deal With Cyber Extortion

In the film “Ransom”, Mel Gibson plays a father trying to save his son, who has been kidnapped by a villain, and eventually leads an FBI team in a courageous rescue operation. Nowadays, however, the tactics of modern criminals are much more sophisticated. Instead of human hostages, the villain now holds business information hostage.

Hospitals, government organizations and banks have been targeted by ransomware, and confronting this challenge can be traumatic. Ransomware is a type of malware that prevents access to a user’s files unless a ransom is paid. The number of such attacks has risen by 16% during the last year.

The first ransom attacks were low-level: they were conducted by email and included threats of DDoS attacks, or the forced encryption of devices, with payment demanded to restore access. Financial organizations have been a constant target.

Later, the hackers' tactics changed. While the number of attacks has increased dramatically, hacker groups now choose to launch attacks of very specific intensity in order to show victims how precise they can be. Another trend has been the public humiliation of victims, as in the attack on the Ashley Madison online dating website. In such cases, the hackers already have access to the information, and the victims pay the ransom just to ensure that it does not leak into the public sphere.

Hackers have also run malicious advertising campaigns that reach innocent users visiting legitimate websites. The widespread use of cloud services has made service providers a target as well. This trend could have a devastating effect, potentially causing a domino effect by indirectly contaminating the customers of the service providers.

Despite the increasing prevalence of cyber-attacks, it seems that organisations are unaware of best practice for responding to ransom demands. In fact, research has found that only 28% of cyber extortion cases are actually reported to the authorities; that is, victims prefer to pay the ransom rather than risk the publication of sensitive information.

The FBI recently published a recommendation saying that “paying ransom does not only encourage cyber criminals to be involved in this illegal activity… By paying ransom, organizations inevitably supply funding to other illegal activities of the criminals”. Moreover, the criminals are encouraged to attack the same target again if it was willing to pay.

Organisations have started to educate their employees about ransomware risks and the right response. However, they first have to ensure that the applications incorporated in their information systems are secure.

The first milestone should be a full evaluation of the business’s present infrastructure to determine whether it can withstand a hacker attack. Then, incorporating on-premise and cloud services can help during an attack and prove effective in accordance with the volume and magnitude of the attack.

Another element should be the assurance that the business is secured 24/7. Today, rapid access to experts, reports and analysis has become critical to securing the business and its end customers. With the widening scope of ransomware threats, businesses today prefer more managed security services with high-level expertise.

During recent years, the trend has changed: businesses react immediately to hackers’ ransom demands instead of taking them seriously only when the price tag appears. Although this is a positive development, other organizations go to the other extreme and pay hackers without examining the situation in depth, a sort of conduct that might only intensify the problem.

Taking adequate measures to secure applications will lower the likelihood of cyber extortion.

I-HLS:     How To Deal With The Rising Tide Of Ransomware:    What Should You Do If Your Business Is Hacked? (£)

 
