Just as extortion takes place regularly in the physical world around us, it is growing in popularity amongst cyber criminals.
Trend Micro recently released a new report titled “Digital Extortion, A Forward Looking View”, in which it details the various aspects of this form of cyber-crime.
“We first need to make sure we understand what extortion means as it is different from blackmail,” says Anvee Alderton, channel manager of Trend Micro Southern Africa. “In legal terms its defined as forcing someone, or even a company, to engage in an action under the threat of violence if their instructions are not followed.
“In the digital sphere the violence we’re talking about could relate to threatening to destroy data if someone doesn’t pay a certain amount of money. Ransomware is a good example of a form of digital extortion.”
Blackmail, on the other hand, refers to the threat of releasing information if the victim doesn’t comply. This could be anything from threatening to release client details or sensitive company documents, to even threatening to reveal personal information of the target, that would be damaging enough to make them cooperate.
Through the encryption of a company’s digital assets — as in the case of ransomware — the attacker is able to name their price in order to release the lock on information.
With the advent of Europe’s General Data Protection Regulation (GDPR) and South Africa’s Protection of Personal Information Act (POPI), companies can face massive fines if it is discovered that they have been hacked and information compromised. Hackers may take advantage of this and encourage the target to avoid the fines by asking for payment that is less than the fine the company would incur.
“What we may see in the future is time sensitive attacks on high profile individuals, such as politicians, whether they are extorted with the possibility of sensitive information or photographs of themselves being leaked,” says Alderton.
“The reality is that digital blackmail and extortion are not going away any time soon. People have been placed in compromising and embarrassing situations when hackers have come across intimate photographs and have used this to get the target to perform whatever task they feel necessary.”
Companies can take step to prevent themselves from becoming victims of ransomware by taking the proper precautions and backing up systems, updating regularly and having multi-layered security in place.
“Be wary while you’re online,” Alderton adds. “Don’t open emails from people you don’t know. There is anti-ransomware software available and it’s worth making the investment in these security measures in order to mitigate any breaches.
“Cyber crime is a very real threat to global businesses and just like in the physical world, educating yourself and being vigilant are all part of staying safe online,”