Both Police & Business Must Deal With Cyber Extortion

In the film “Ransom”, Mel Gibson plays a father trying to save his son, who has been kidnapped by a villain, and eventually leads an FBI team in a courageous rescue operation. Nowadays, however, the tactics of modern criminals are much more sophisticated. Instead of human hostages, the villain now holds business information hostage.

Hospitals, government organizations and banks have all been targets of ransomware, and confronting this challenge can be traumatic. Ransomware is a type of malware that prevents access to a user’s files unless a ransom is paid. The number of such attacks has risen by 16% during the last year.

The first ransom attacks were low-level: they were conducted by email and included threats of DDoS attacks or the forced encryption of devices, with payment demanded to restore access. Financial organizations have been a constant target.

Later, the hackers’ tactics changed. While the number of attacks has increased dramatically, hacker groups now choose to launch attacks of very specific intensity in order to show victims how precise they can be. Another trend has been the public humiliation of victims, as in the attack on the Ashley Madison online dating website. In such cases, the hackers already have access to the information, and the victims pay the ransom just to ensure that it does not leak into the public sphere.

Hackers have also run advertising malware campaigns that target innocent users visiting legitimate websites. The widespread use of cloud services has made service suppliers a target as well. This trend could have a devastating effect, potentially causing a domino effect by indirectly contaminating the customers of the service providers.

Despite the increasing prevalence of cyber-attacks, it seems that organisations are unaware of best practice for responding to ransom demands. In fact, research found that only 28% of cyber extortion cases are actually reported to the authorities, i.e. the victims prefer to pay the ransom rather than risk the publication of sensitive information.

The FBI recently published a recommendation saying that “paying ransom does not only encourage cyber criminals to be involved in this illegal activity… By paying ransom, organizations inevitably supply funding to other illegal activities of the criminals”. Moreover, criminals are encouraged to attack the same target again if it was willing to pay.

Organisations have started to educate their employees about ransomware risks and the right response. First, however, they have to ensure that the applications incorporated in their information systems are secure.

The first milestone should be a full evaluation of the business’s present infrastructure to determine whether it can withstand a hacker attack. Then, the incorporation of on-premise and cloud services can help during an attack and prove effective in accordance with the volume and magnitude of the attack.

Another element should be the assurance that the business is secured 24/7. Today, rapid access to experts, reports and analysis has become a critical requirement for securing the business and its end customers. With the widening scope of ransomware threats, businesses today prefer more managed security services with high-level expertise.

In recent years the trend has changed: businesses react immediately to hackers’ ransom demands instead of taking them seriously only when the price tag appears. Although this is a positive evolution, other organizations go to the other extreme and pay hackers without checking the situation in depth, a sort of conduct that might only intensify the problem.

Taking adequate measures to secure applications will lower the prospects of cyber extortion.

I-HLS:     How To Deal With The Rising Tide Of Ransomware:    What Should You Do If Your Business Is Hacked? (£)

 
