Cyber extortion, contrary to some misconceptions, isn't new. It has been a top IT security concern, aimed at susceptible enterprises, for more than four decades. Some background: Bank of America was the first to be on the receiving end of the threat, in 1971. Since then it has become a thriving business for unscrupulous individuals who cripple business operations in exchange for ransom payments. According to CNN, cyber criminals extracted $209 million between January and March 2016 from businesses trying to regain access to their hacked systems, and that figure does not include payments from victims who never reported the extortion. Given the scale of the problem, let's examine the threat more closely and explore some ways in which companies can defend against attackers.
How Cyber Extortion Works
Cyber attackers know that businesses may give in and pay, however reluctant they are to legitimize the attackers' methods. In addition, the growing popularity and availability of digital currencies such as Bitcoin let attackers collect payment pseudonymously: the transactions are public, but the receiving wallet is not tied to a name, so the trail is far harder to follow than a bank transfer. Here are the cyber extortion modes you should watch for and the countermeasures you can take:

1. Ransomware

Ransomware is malware that encrypts important data belonging to a business or organization. The attackers then demand money in exchange for the decryption key that lets the victim regain use of its systems. Cryptolocker-style ransomware has had a big resurgence in the past few years. Several hospitals in particular have been hit, possibly because IT security had not been a priority at those organizations. In the face of a growing number of ransomware attacks, companies need to prepare ahead of time.

To illustrate: when Lincolnshire County Council became the target of cyber extortion via a ransomware attack in early 2016, several of its databases were inaccessible to council staff, and its online library and booking systems stopped working for a time. The council immediately shut down its servers and had its security provider restore the data from backups. These measures kept the incident from escalating into a major security breach, and the council did not pay a penny in ransom. This shows how important it is for businesses to keep backups of files and data (held offline or otherwise out of the attacker's reach, since ransomware that can reach a backup will encrypt it too), to have spare capacity and bandwidth, and to have a quick response plan in place.

2. Withholding sensitive data

Criminal hackers can profit from stolen data in a variety of ways. They can release or sell confidential information such as trade secrets and customer data.
Actors can incorporate that data, in turn, into other schemes, such as insider trading, phishing and identity fraud. To protect your organization against cyber attacks of this nature, you should:
- Don't open links or file attachments in unsolicited email, especially executable attachments (such as .exe files) from senders you don't know.
- Use only sites served over HTTPS (https:// and a padlock icon at the start of the URL). TLS encrypts the session and the server's certificate lets your browser check that it is talking to the named site, which protects the data in transit from eavesdropping and tampering; note that it says nothing about whether the site itself is trustworthy.
- Store the most valuable information locally on well-protected (encrypted, and kept offline when not in use) removable devices instead of a cloud drive. If cloud storage is really necessary, encrypt your files client-side before uploading them, so the provider never holds the plaintext or the key.
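The backups that let Lincolnshire recover, and the encrypt-before-upload advice in the last item, both depend on being able to tell whether a stored copy has been altered. The snippet below is an added example, not code from the article: it builds a checksum manifest of a backup set and keys it with an HMAC secret that lives only on the restore host, so ransomware that reaches the backup location cannot also rewrite the manifest to match. The file contents are a constructed in-memory sample and the key is a placeholder.

```python
"""Tamper-evident backup manifest (added illustration, not the article's code).

An attacker who can encrypt or rewrite backup files can usually also rewrite an
unsigned checksum list stored beside them.  Keying the manifest with a secret
kept off the backup host (assumed here to be MANIFEST_KEY) makes silent
modification, deletion or substitution detectable at restore time.
"""
import hashlib
import hmac
import json

# Assumed: kept on the restore host or in a password manager, never next to the backups.
MANIFEST_KEY = b"replace-with-a-random-32-byte-secret"

# Constructed sample backup set: relative path -> file bytes.
SAMPLE_BACKUP = {
    "finance/ledger.csv": b"date,amount\n2016-01-04,1200\n",
    "hr/contracts.docx": b"PK\x03\x04fake-docx-bytes",
}


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(files, key):
    """Checksum every file, then MAC the canonical JSON of the checksum table."""
    entries = {path: _digest(data) for path, data in sorted(files.items())}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(files, manifest, key):
    """Return a list of problems; an empty list means the backup set is intact."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Check the MAC first: if the manifest itself was forged, its checksums mean nothing.
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest signature invalid: do not trust these checksums"]
    problems = []
    for path, digest in manifest["entries"].items():
        if path not in files:
            problems.append("missing: " + path)
        elif _digest(files[path]) != digest:
            problems.append("modified: " + path)
    for path in files:
        if path not in manifest["entries"]:
            problems.append("unexpected: " + path)
    return problems


def simulate_ransomware(files):
    """Constructed: overwrite every file with 'ciphertext' and append a new extension."""
    return {path + ".locked": b"\x8f\x13" + bytes(reversed(data)) for path, data in files.items()}


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_BACKUP, MANIFEST_KEY)
    print("intact:", verify_manifest(SAMPLE_BACKUP, manifest, MANIFEST_KEY))
    print("after ransomware:", verify_manifest(simulate_ransomware(SAMPLE_BACKUP), manifest, MANIFEST_KEY))
```

Run the manifest check as part of every restore test, not only during an incident: a backup that has never been restored is an assumption, not a recovery plan. The manifest does not stop an attacker from replacing both files and manifest with an older, consistent copy, so keep the manifest history (and the key) somewhere the backup host cannot write to.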
What if the worst happens and an extortion threat turns out to be backed by an actual breach of your systems? What should be done?
- Verify that there has actually been a breach, rather than a false alarm or a trick by fraudsters who want you to hurriedly "update" login credentials or other security information (a common phishing pretext). Ask for proof, such as a sample of the data, and check it against your own records.
- Place a freeze or fraud alert on affected credit and financial accounts, as this can stop online thieves from completing fraudulent transactions on them.
- Have your IT specialists forensically analyze network traffic and logs to identify how the attackers got in and what they reached.
- Communicate the problem, along with the planned response, to all stakeholders: management, employees, technical consultants, clients and, if necessary, the media.
- Implement your data breach plan: preserve evidence of the breach before anything is changed, contain the leakage of data, remove the attacker's access and tooling from the system, and patch the affected systems.
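Two of the steps above, preserving evidence and analyzing web traffic to find the cause, can be started from the web server's own access log. The following is an added example and not the article's code: it hashes the raw log before anyone touches it (so the copy you analyze can later be shown to match the original) and then triages Apache/nginx "combined" format lines for signs of intrusion and bulk data retrieval. The log lines are a constructed sample, and the indicator lists and byte threshold are assumptions you would tune for your own application.

```python
"""Web access log triage (added example; constructed sample lines, assumed thresholds)."""
import hashlib
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed indicators; adjust to the paths and clients your application actually has.
SENSITIVE_PATHS = ("/backup", "/export", ".sql", "/etc/passwd", "/admin")
SUSPICIOUS_UA = ("sqlmap", "nikto", "python-requests", "curl/")
BYTES_PER_CLIENT_THRESHOLD = 5_000_000  # more than 5 MB served to one client

# Constructed sample: two ordinary visitors and one client that probes, then pulls a dump.
SAMPLE_LOG = b"""\
10.0.0.5 - - [12/Mar/2016:09:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:09:15:04 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Mar/2016:03:41:10 +0000] "GET /admin/login.php?id=1%27%20OR%201=1 HTTP/1.1" 200 812 "-" "sqlmap/1.0"
203.0.113.77 - - [12/Mar/2016:03:42:55 +0000] "GET /export/customers.sql HTTP/1.1" 200 7340032 "-" "python-requests/2.9"
198.51.100.9 - - [12/Mar/2016:10:02:33 +0000] "POST /contact HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def evidence_hash(raw):
    """SHA-256 of the untouched log; record it together with who collected it and when."""
    return hashlib.sha256(raw).hexdigest()


def parse(raw):
    """Yield one dict per well-formed line; malformed lines are skipped, not guessed at."""
    for line in raw.decode("utf-8", "replace").splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
            yield rec


def triage(raw):
    """Return findings keyed by client IP; an empty dict means nothing was flagged."""
    bytes_out = defaultdict(int)
    findings = defaultdict(set)
    for rec in parse(raw):
        ip = rec["ip"]
        bytes_out[ip] += rec["bytes"]
        if any(p in rec["path"] for p in SENSITIVE_PATHS):
            findings[ip].add("sensitive path: " + rec["path"])
        if any(u in rec["ua"].lower() for u in SUSPICIOUS_UA):
            findings[ip].add("tool user-agent: " + rec["ua"])
        if "%27" in rec["path"] or "'" in rec["path"]:
            findings[ip].add("quote in query string (possible SQL injection): " + rec["path"])
    for ip, total in bytes_out.items():
        if total > BYTES_PER_CLIENT_THRESHOLD:
            findings[ip].add("large outbound volume: %d bytes" % total)
    return {ip: sorted(f) for ip, f in findings.items()}


if __name__ == "__main__":
    print("evidence sha256:", evidence_hash(SAMPLE_LOG))
    for ip, items in triage(SAMPLE_LOG).items():
        print(ip)
        for item in items:
            print("  ", item)
```

Work from a copy whose hash matches the recorded one, and keep the original read-only. The findings are leads, not conclusions: the timeline (probe at 03:41, dump retrieved at 03:42) is what tells you where the intrusion happened and which data you must assume the extortionist holds.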
3. Distributed Denial of Service (DDoS)

In this ploy, cyber criminals saturate a company's web servers or network links with a flood of requests so that the service fails or becomes unreachable for legitimate users, and then demand payment to make the flood stop. You can reduce your exposure to DDoS attacks, and so to this form of extortion, through a number of preventive measures:
- Configuring routers and firewalls with basic filtering: drop malformed or obviously spoofed packets and rate-limit requests per source. This helps against floods from a modest number of sources but cannot help once a volumetric attack has already filled your upstream link.
- Blackholing (having your ISP null-route the attacked address) or sinkholing (diverting the attack traffic to a point where it can be scrubbed or analyzed). Blackholing also drops the legitimate traffic to that address, so it is a last resort to protect the rest of the network.
- Using dedicated DDoS-mitigation hardware.
- Provisioning upstream capacity through multiple ISPs so one saturated link does not take you offline.
- Taking advantage of cloud mitigation services' expertise and capacity, which is usually the only practical answer to large volumetric attacks.
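The per-source rate limiting mentioned in the first item is easy to get wrong in either direction: too tight and a legitimate client that bursts gets cut off, too loose and a flooder stays under the limit. The snippet below is an added example, not the article's code, showing the sliding-window logic such a rule implements, run over a constructed stream of (timestamp, source IP) connection attempts; the window, limit and block duration are assumptions.

```python
"""Per-source sliding-window rate limiter (added example, not from the article).

This is host-side filtering: it helps against application-layer floods from a
limited number of sources.  It does nothing for a volumetric flood that fills
the upstream link before packets reach the host, which is what upstream
blackholing and cloud scrubbing are for.  All thresholds are assumptions.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed: look back this far
MAX_PER_WINDOW = 20   # assumed: more than this from one source within the window -> block
BLOCK_SECONDS = 300   # assumed: how long a source stays blocked once it trips the limit


class SourceRateLimiter:
    def __init__(self, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW, block_for=BLOCK_SECONDS):
        self.window, self.limit, self.block_for = window, limit, block_for
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.blocked_until = {}          # ip -> unix time when the block expires

    def allow(self, now, ip):
        """Return True to pass the request, False to drop it."""
        if self.blocked_until.get(ip, 0) > now:
            return False
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:   # expire timestamps that fell out of the window
            q.popleft()
        if len(q) > self.limit:
            self.blocked_until[ip] = now + self.block_for
            q.clear()
            return False
        return True


def make_sample():
    """Constructed traffic: a normal client, a bursty but legitimate client, and a flooder."""
    events = []
    events += [(1000 + i * 2.0, "10.0.0.5") for i in range(15)]       # 15 requests in 30 s: normal
    events += [(1000 + i * 0.1, "192.0.2.8") for i in range(200)]     # 200 requests in 20 s: flood
    events += [(1000 + i * 0.5, "198.51.100.9") for i in range(18)]   # 18 requests in 9 s: burst, under limit
    return sorted(events)


def run(events, limiter=None):
    """Replay events through the limiter; return per-source pass/drop counts and blocked sources."""
    limiter = limiter or SourceRateLimiter()
    passed = defaultdict(int)
    dropped = defaultdict(int)
    for t, ip in events:
        if limiter.allow(t, ip):
            passed[ip] += 1
        else:
            dropped[ip] += 1
    return dict(passed), dict(dropped), sorted(limiter.blocked_until)


if __name__ == "__main__":
    passed, dropped, blocked = run(make_sample())
    print("passed:", passed)
    print("dropped:", dropped)
    print("blocked sources:", blocked)
```

In production the same decision is made by the firewall or reverse proxy (an iptables hashlimit rule or an nginx limit_req zone, for instance) rather than by application code. Whatever enforces it, replay real traffic captures through the thresholds before turning them on, because a limit that blocks your busiest legitimate customer hands the extortionist the outage for free.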
Initial Response to Cyber Extortion
Hopefully, by now, you have prepared a Cyber Incident Response Plan to help you deal with the situation. This plan should contain the following elements:
- Response Team
- Reporting
- Initial Response
- Initial Investigation
- Recovery and Follow-up
- Public Relations
- Law Enforcement
During the initial response, work through the steps defined in that plan. Also, don't forget to preserve the evidence and properly document the investigation.
Prevention of Future Cyber Attacks
To ensure that history won't repeat itself, here are the best practices you should follow:
- Conduct regular security risk assessments and configuration reviews to secure your network.
- Monitor personal computers and mobile devices that may inadvertently or improperly access critical internal systems, and test the controls around those systems regularly.
- Educate end users about safe e-mail and web browsing practices, and test their behavior periodically.
- Conduct training within your organization and include information about extortion to raise employees' security awareness.
- Run cyber extortion exercises with your organization and its third-party vendors to test and update your business continuity plans.
- Consolidate your data in a managed cloud service as an alternative to leaving it scattered across multiple endpoints, personal e-mail accounts and internal data center servers.
- Audit third-party vendor software and services.
The threat of cyber extortion is loud and clear, and no business enterprise can claim immunity from it. So plan your company's data recovery before it's too late.
About the Author: Vlad de Ramos has been in the IT industry for more than 22 years with a focus on IT Management, Infrastructure Design and IT Security. Outside the field, he is also a professional business and life coach, a teacher and a change manager. Vlad has set his focus on IT security awareness in the Philippines, and he is a certified information security professional, a certified ethical hacker and forensics investigator, and a certified information systems auditor. Editor's Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.