Both Police & Business Must Deal With Cyber Extortion

In the film “Ransom”, Mel Gibson plays the role of a father who is trying to save his son kidnapped by a villain, and eventually leads an FBI team in a courageous rescue operation. However, nowadays the tactic of modern criminals is much more sophisticated. Instead of human hostages, the villain now holds hostage the business information.

Hospitals, government organizations and banks were target to ransomware, and confronting this challenge can be traumatic. Ransomware is a type of malware, that prevents the access to a user’s files unless a ransom is paid. The number of such attacks has risen by 16% during the last year.

The first ransom attacks were on a low level, they were operated by email and included DDoS attack threats, or encryption of devices by force, while demanding payment for access renewal. Financial organizations have been a constant target.

Later the Hackers tactic changed. While the number of attacks has increased dramatically, Hackers groups now chose to launch attacks of very specific intensity, in order to showcase the victims their capability of precision. Another trend has been the public humiliation of victims, as in the attack on Ashley Madison online dating website. In such cases, the hackers already possess access to information and the victims pay the ransom just to assure that their information does not leak to the public sphere.

Hackers also perpetrated advertising malware campaigns, in which innocent users visit legitimate websites. The widespread use of cloud services has made the service suppliers a target as well. This trend might have a devastating influence that could potentially cause a domino effect by indirectly contaminate the customer of the service providers.

Despite the increasing prevalence of cyber-attacks, it seems that organisations are unaware of the best practice of responding to ransom demands. In fact, a research found that only 28% of the cyber extortion cases are actually reported to the authorities, i.e. the victims prefer to pay ransom on risking in the publication of sensitive information.

The FBI recently published a recommendation saying that “paying ransom does not only encourage cyber criminals to be involved in this illegal activity… By paying ransom, organizations inevitably supply funding to other illegal activities of the criminals”. Moreover, the criminals are encouraged to attack the same target again if as it was willing to pay.

Organisations have started to educate their employees about the ransomware risks and the right response. However, first they have to assure that the applications incorporated in the information systems are secure.

The first milestone should be a full evaluation of the business’ present infrastructure in order to evaluate if it can sustain a hacker attack. Then, the incorporation of on premise and cloud services can help during an attack and prove effective in accordance to the volume and magnitude of the attack.

Another element should be the assurance that the business in 24/7 secured. Today, a rapid access to experts, reports and analysis have become a critical demand in order to secure the business and is end customers. with the widening scope of ransomware threats, businesses today prefer more managed security services with high level expertise.

During recent years, the trend has changed – businesses react immediately to hackers’ ransom demands instead of taking them serious only when the price tag appears. Although it is a positive evolution, other organizations turn to the other extremity and pay hackers without checking in depth the situation, a sort of conduct that might only intensify the problem.

Taking the adequate measures for securing applications will lower the prospects to cyber extortion.

I-HLS:     How To Deal With The Rising Tide Of Ransomware:    What Should You Do If Your Business Is Hacked? (£)

 

« Israel To Assist Nigeria With Cybersecurity
Five major Russian Banks Attacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

AnchorFree

AnchorFree

AnchorFree is a Virtual Private Network services provider offering secure encrypted access to the internet.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

CyberHunter Solutions

CyberHunter Solutions

CyberHunter is a leading website security company that provides penetration testing, Network Vulnerability Assessments, cyber security consulting services to prevent cyber attacks.

Ampere Industrial Security

Ampere Industrial Security

Ampere is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.