Three Tactics Behind Cyber Extortion

Three Tactics Behind Cyber Extortion
Michael Marriott
Read More From Michael Marriott
July 11, 2016 | 3 Min Read

As explained in a previous blog, extortion is not new – it’s now just been applied to the digital world in many different forms. In fact, as our extortion whitepaper demonstrates, there are really three, high-level extortion tactics: the threat of distributed denial of service (DDoS), the threat of data compromise and the use of ransomware.

DDoS

One of the most popular means to facilitate extortion is through DDoS attacks. The accessibility of off-the-shelf tools has lowered barriers to entry and actors have been encouraged by the increased media coverage.

Of course, the threat of DDoS will vary depending on the company and how critical the website is to generating revenue. Carefully orchestrated campaigns, such as the targeting of online florists around Valentines Day, allude to a more considered approach.

Not all DDoS extortion actors are made equal and are quite as sophisticated, however; much will depend on the capability and credibility of each threat actor. While there is certainly no shortage of low-credibility, low-capability actors, it would be remiss to ignore this threat with the memory of when Code Spaces went out of business.

Data Compromise

A second method of extortion is the threat to release compromised data. This method, of course, depends a lot on whether the target’s data has already been compromised.

Not so recently, in 2012, Rex Mundi allegedly compromised the databases of a number of companies based in French-speaking countries using this very approach. The group would then notify the victims of the breach via social media and threatens to make the data public unless a ransom is paid within a given timeframe. More recently, we have seen this tactic used by actors like Hacker Buba, Poseidon Group and Russian Guardians.

Ransomware

Lastly, it is important to touch on ransomware – that is, malware that restricts access to the computer system it has infected. In order to access to the restricted files, application or operating system, the malware demands that a ransom be paid before restoring access to affected resources.

At a high-level, the ransomware process is fairly standard; files are encrypted and the attackers, who hold the decryption key, will only allow the target to decrypt the files after the required BTC ransom is paid.

The development of ransomware is a cat and mouse affair; security companies release decryption tools, causing the malware to be updated and the cycle continues. The care dedicated to the development of the ransomware and its specific features will vary from variant to variant.

Ransomware process

Figure 1 – Typical ransomware processes

All this context is good and well, but the true value comes from understanding the tactics, techniques and procedures (TTPs) of these threat actors and aligning your security accordingly. Download our whitepaper to understand the specific motivations and TTPs that these various actors use. Armed with this situational awareness, you can better position yourself.

Related Posts

3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...