Extortion. Yes, it is an ugly word and its meaning seems to transcend that of blackmail, reaching into the seedier corners of the criminal trade to obtain money – or information – illegally. Just as extortion takes place regularly in the physical world around us, it is growing in popularity amongst cybercriminals.
Trend Micro has recently released a new report titled “Digital Extortion, A Forward-Looking View”, in which it details the various aspects of this form of cybercrime. The report takes an in-depth look at the means used by cybercriminals to obtain money and the possible reasons behind such actions.
“We first need to make sure we understand what extortion means as it is different from blackmail. In legal terms it’s defined as forcing someone, or even a company, to engage in an action under the threat of violence if their instructions are not followed. In the digital sphere, the violence we’re talking about could relate to threatening to destroy data if someone doesn’t pay a certain amount of money. Ransomware is a good example of a form of digital extortion,” reveals Anvee Alderton, Channel Manager of Trend Micro Southern Africa.
Blackmail, on the other hand, refers to the threat of releasing information if the victim doesn’t comply. This could be anything from threatening to release client details or sensitive company documents, to even threatening to reveal personal information of the target, that would be damaging enough to make them cooperate.
Through the encryption of a company’s digital assets – as in the case of ransomware – the attacker is able to name their price in order to release the lock on information. Some companies with the advent of Europe’s General Data Protection Regulation (GDPR) and South Africa’s own Protection of Personal Information Act (POPI), companies can face massive fines if it is discovered that they have been hacked and information compromised. Hackers may take advantage of this and encourage the target to avoid the fines by asking for payment that is less than the fine the company would incur.
“What we may see in the future is time sensitive attacks on high profile individuals, such as politicians, whether they are extorted with the possibility of sensitive information or photographs of themselves being leaked. The reality is that digital blackmail and extortion are not going away anytime soon. People have been placed in compromising and embarrassing situations when hackers have come across intimate photographs and have used this to get the target to perform whatever task they feel necessary,” explains Alderton
So what can we do to prevent becoming victims? Ransomware appears to be the tool of choice for these hackers, which means it’s all about taking the proper precautions and backing up systems, updating regularly and having multi-layered security in place.
“Be wary while you’re online. Don’t open emails from people you don’t know. There is anti-ransomware software available and it’s worth making the investment in these security measures in order to mitigate any breaches. Cyber crime is a very real threat to global businesses and just like in the physical world, educating yourself and being vigilant are all part of staying safe online,” Alderton concludes.