The IT Industry’s Hot Topic
Despite being a relatively new word in the field of cybercrime, ransomware (malicious software intended to steal and encrypt a victim’s data until a sum of money is paid) has already risen to the top of the most damaging cyberthreats, while the total number of affected organizations worldwide continues to grow by leaps and bounds.
However, whereas cybercriminals’ most used methods once involved stealing credit cards, financial data and personally identifiable information (PII), in recent years those familiar strategies have given way to tactics that are more effective and simpler to carry out, namely cyber extortion. Instead of stealing money through fraud schemes, cybercriminals now demand it by threatening to disclose, publicly share or destroy the victim’s personal information or private company data.
And that’s where it got worse. Thanks to the rise of non-traceable payment methods (like Bitcoin), which allow the malefactors to remain anonymous in their deeds, cyber extortion has become a multi-million-dollar criminal industry, because it affects not only the attacked organization itself but also its users and customers, which brings irreparable reputational damage in addition to potentially severe financial losses.
Finally, its targets have shifted from private users to targets as big as law enforcement agencies, healthcare organizations, and state governments, which means the total losses associated with cyber extortion will only increase over time.
Ways of Spreading
Like most other virus programs, extortionware is often spread via phishing emails carrying malicious attachments, or through drive-by downloads that may take place when a user visits an infected website, from which the malware is then loaded and installed onto the victim’s computer without their knowledge.
Phishing schemes, however, remain the most effective means of spreading extortion malware. It is common for cybercriminals to conduct extensive research on their target (usually a specific organization or a high-ranking individual in a company) and use that information to impersonate representatives of the victim’s bank, their colleagues, friends, etc. That, in turn, allows them to write credible emails, and the more legitimate an email looks, the more likely the victim is to open the attachment.
Additionally, attackers don’t hesitate to exploit health-related topics (such as the current COVID-19 pandemic) or fake threats to the victim’s well-being, so users keep falling for those baits, opening infected files or clicking on malicious links over and over again.
Protecting Against Extortionware
Since cyber extortion is a more sophisticated form of the good old ransomware and spreads in the same ways, the same data protection measures apply to it, too. Here’s the list of preventive measures provided by US-CERT that administrators and private users should take to protect their computer networks from extortionware infection:
Securing Company’s Assets
First and foremost, it’s vital to develop robust data backup and recovery strategies for all the critical information of your organization. Perform regular tests of the backups in order to speed up the recovery process and reduce as much as possible the amount of data that is lost or corrupted. Note that ransomware may also affect network-connected backups, which is why it’s important to keep them off-site and isolate the crucial data from the network for optimal protection.
Limit your employees’ ability to install and run unwanted applications and software, and apply the principle of Least Privilege to all services and systems of your organization. This should prevent malware from accessing the data, as well as limit its capability to spread through the network.
Maintaining Digital Hygiene
Before opening any attachments in an email, always check the veracity of the sender’s information (such as the spelling of the email address, initials, etc.). Avoid enabling macros, because they may contain embedded code that will execute the malware on the machine once an infected attachment is opened. Finally, remember to instruct your employees on these rules to exclude the possibility of harm caused by ignorance.
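The sender-spelling and macro checks described above can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the original article; the trusted domain, the sample message and all function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"examplebank.com"}  # hypothetical allow-list of real senders
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for good in sorted(TRUSTED_DOMAINS):
            # One or two character changes from a trusted domain is suspicious.
            if edit_distance(domain, good) <= 2:
                findings.append(f"lookalike domain: {domain} resembles {good}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-enabled attachment: {name}")
    return findings

def build_sample(sender, attachment_name):
    """Construct a sample message (constructed data, not a real email)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached document.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    sample = build_sample("Example Bank <support@examp1ebank.com>", "invoice.docm")
    for finding in triage(sample):
        print(finding)
```

A script like this only catches near-miss spellings and macro-enabled Office file types; it complements user training and does not replace it.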
Keeping the System Up-To-Date
Remember to keep your operating system, installed software and even plugins up-to-date with the latest updates and patches. They usually provide fixes for the security vulnerabilities that attacks are executed through, which, in turn, greatly reduces the number of exploitable entry points available to an intruder.
However, it isn’t possible to control and be responsible for the actions of all employees working for your organization. And that’s why you need a fallback plan, namely a credible data restoration company.
Salvagedata is a professional data recovery company that specializes in data loss cases of any difficulty — including those other recovery labs have claimed to be unrestorable. Since its foundation in 2003, Salvagedata has been providing high-end data recovery services to computer users, as well as government and law-enforcement agencies, all over the US, remaining in the ranks of the most trusted names in the industry. So, if your data is in trouble — don’t hesitate to contact Salvagedata’s customer care team for a free consultation, and let the professionals do the rest!