Both Police & Business Must Deal With Cyber Extortion

In the film “Ransom”, Mel Gibson plays the role of a father who is trying to save his son, kidnapped by a villain, and eventually leads an FBI team in a courageous rescue operation. Nowadays, however, the tactics of modern criminals are much more sophisticated. Instead of human hostages, the villain now holds business information hostage.

Hospitals, government organizations and banks have been targets of ransomware, and confronting this challenge can be traumatic. Ransomware is a type of malware that prevents access to a user’s files unless a ransom is paid. The number of such attacks has risen by 16% during the last year.

The first ransom attacks were low-level: they were carried out by email and included DDoS attack threats, or forced encryption of devices, while demanding payment to restore access. Financial organizations have been a constant target.

Later, the hackers' tactics changed. While the number of attacks has increased dramatically, hacker groups now choose to launch attacks of very specific intensity, in order to show victims their capability for precision. Another trend has been the public humiliation of victims, as in the attack on the Ashley Madison online dating website. In such cases, the hackers already possess access to information and the victims pay the ransom just to ensure that their information does not leak into the public sphere.

Hackers have also run malicious advertising campaigns, which reach innocent users visiting legitimate websites. The widespread use of cloud services has made the service suppliers a target as well. This trend might have a devastating influence that could potentially cause a domino effect by indirectly contaminating the customers of the service providers.

Despite the increasing prevalence of cyber-attacks, it seems that organisations are unaware of the best practice for responding to ransom demands. In fact, research found that only 28% of cyber extortion cases are actually reported to the authorities, i.e. the victims prefer to pay the ransom rather than risk the publication of sensitive information.

The FBI recently published a recommendation saying that “paying ransom does not only encourage cyber criminals to be involved in this illegal activity… By paying ransom, organizations inevitably supply funding to other illegal activities of the criminals”. Moreover, the criminals are encouraged to attack the same target again if it was willing to pay.

Organisations have started to educate their employees about ransomware risks and the right response. However, first they have to ensure that the applications incorporated in their information systems are secure.

The first milestone should be a full evaluation of the business’s present infrastructure to determine whether it can withstand a hacker attack. Then, the incorporation of on-premise and cloud services can help during an attack and prove effective in accordance with the volume and magnitude of the attack.

Another element should be the assurance that the business is secured 24/7. Today, rapid access to experts, reports and analysis has become a critical requirement for securing the business and its end customers. With the widening scope of ransomware threats, businesses today prefer more managed security services with high-level expertise.

During recent years, the trend has changed: businesses react immediately to hackers’ ransom demands instead of taking them seriously only when the price tag appears. Although this is a positive evolution, other organizations go to the other extreme and pay hackers without checking the situation in depth, a sort of conduct that might only intensify the problem.

Taking adequate measures to secure applications will lower the prospects of cyber extortion.

I-HLS:     How To Deal With The Rising Tide Of Ransomware:    What Should You Do If Your Business Is Hacked? (£)

 
