Security

Extortion Is An Increasingly Common Cybercrime Tactic

The motivations behind cybercrime vary, yet as with just about every other sphere of life, financial gain is a significant driver. While there will always be those who seek to use cyber attacks purely to cause chaos and disruption, or to otherwise gain access to personally identifiable information (PII), those who use these attacks to try and earn money for themselves remain a significant — and growing — presence.

The big challenge, of course, is how to use a cyber attack to make money. After all, causing damage to a victim of a cyber attack doesn’t automatically benefit the person who causes the harm to begin with. However, there are a few ways a hacker might seek to monetize a cyber attack.

An Increasingly Common Cybercrime Tactic

They could, for example, operate a DDoS-as-a-service that wages DDoS attacks for a price like a mercenary for hire. Alternatively, they might exploit a vulnerability to inject malicious code onto a website to steal payment information.

But perhaps the simplest strategy remains the one that has been used by criminals long before the world went digital: Extortion. Extorting the victims or would-be victims of cyber attacks is the most direct way to monetize a cyber attack.

In some cases, a cybercriminal might try to extort money from a victim after pulling off a successful cyber attack against them. In other cases, they may simply use the threat of an attack — and the target’s knowledge of how harmful this might be — to “persuade” them to cough up cash to avoid being victimized in this way.

In either scenario, depending on the type of attack and the target, the attacker could demand anything from tens or hundreds of dollars up to hundreds of thousands or even millions of dollars to call off the threat.

Types of extortion-based attacks you might encounter

There are multiple forms that an extortion-based attack might take. Probably the most famous approach to cyber attack extortion is a ransomware attack. Dating back several decades, although becoming increasingly widespread over the past several years, classic ransomware attacks work by infecting the target with malware.

Once this malware has been installed on a computer or system, it begins encrypting files and data, which can only be decrypted again if the rightful owner pays money for a decryption key. If they fail to do so, their files remain inaccessible.

A recent twist on the ransomware formula is known as a “double extortion” ransomware attack. To pile on extra pressure, in this variation on the ransomware formula, the malware is used both to encrypt files and also exfiltrate data from the system.

Once in the hands of cyber attackers, the threat is that this information will be published online (or, potentially, passed to a third party) if an extra ransom is not paid.

Another increasingly common form of cyber attack extortion involves DDoS. An acronym standing for Distributed Denial of Service, DDoS attacks seek to overwhelm target systems, usually websites or online services, by overwhelming them with massive quantities of fake traffic.

Such attacks can knock out victims for prolonged periods of time, rendering them inaccessible to legitimate customers or users.

Because of the financial and reputational damage such an attack may cause, DDoS extortionists know that any threats they make regarding such an assault is likely to be taken seriously. A DDoS extortion attack may sometimes commence with a smaller attack to prove the seriousness of the extortionists.

In other cases, they may not stage an attack at all, but simply state their credentials as serious attackers and note that one will follow if their ransom demands are not met. In some instances, attackers may unleash a full-size attack and only call it off when a payment is made.

Put the right protections in place

One of the main pieces of advice made about extortion-based cyber attacks is that targets should not pay them. Not only does doing so encourage the perpetuation of such attacks, but it can also make targets likely to be repeat victims since attackers might assume that a person who pays out once will do so again in the future.

There is also no guarantee that attackers will live up to their side of the bargain — whether that’s providing an encryption key or deleting exfiltrated information and not publishing it online.

Nonetheless, in some scenarios victims will be willing to pay out money to extortionists, which is, of course, why such attacks continue.

In what may well be the largest-ever ransomware payment, in July 2020 the U.S. travel services company CWT Global paid more than $4.5 million in bitcoin to stop an attack which had, among other things, compromised upward of two terabytes of data — including employee personal data, security documentation, and financial records.

Organizations not wanting to be put in the position of paying for extortion-based attacks should ensure they have the proper precautions in place.

DDoS prevention systems, closing ransomware infection vectors, and other steps are crucial to offer proper safeguards against these attacks. Tools such as Web Application Firewalls (WAFs), which can monitor for suspicious behavior and block it before it can become a potentially damaging cyber attack, are also a game-changer.

Establish the right cyber security measures and you shouldn’t have to worry about the potential of an extortion-based attack. That means you can earmark your hard-earned money for something far more important — like growing your business.

About the author

Tejas Maheta

Hi, I'm Tejas Maheta. A blogger & Internet marketer from India.