What is Ransomware & Extortionware?

A New Criminal Business Model

We all know that computer viruses are bad and that we need anti-virus software to protect our computers against them. Unfortunately, this is no longer enough. Cyber Security has become a lot more complicated since the turn of the century, and even more so in the last few years.

Recently, the news has been filled with reports regarding Cyber Security, or more accurately, Cyber Security failings. Information has been stolen from large corporations, but often this isn’t the obvious credit card information but rather contact details and passwords. Whatever the information, it all has value and often ends up for sale on the Dark Web alongside purpose-built, easy-to-use ‘hacking’ tools. Now even criminals with very few computer skills are able to get a list of e-mail addresses and an app that allows them to start their own cyber-crime business. They can gain access to our systems and take our money either by restricting access to files and holding them to ransom or by stealing information with the intent to extort.

Ransomware

Ransomware has become very commonplace in recent years. Usually, if the recipient of an infected e-mail opens the attachment, their computer, or the files on the computer and network, will become compromised and encrypted. The criminal will then offer to decrypt the files, at a price. If you pay, sometimes these files will be decrypted, but often this isn’t the case. Your policy should always be not to pay. Even if you do get your files back, once these criminals know they can hold data to ransom they will continue this business model and come up with new and more sophisticated attacks.

Extortionware

Extortionware is a lot more difficult to predict and protect against. Extortionware attacks are usually highly targeted and are more about the retrieval of data than its destruction or encryption. Once cyber criminals have gained access to your system and taken sensitive information, demands are made, usually for money, followed by a threat. For example, criminals may send your company’s intellectual property to competitors or distribute your data online unless they’re paid. However, money isn’t always the motivation behind this sort of attack. The 2015 information leak from the website Ashley Madison was carried out only after hackers gave the company a chance to change its operating policies. The policies weren’t changed and, as a result, around 36 million user details were released in a highly publicised leak.

The main concern with this sort of attack is that a backup can’t be your get-out-of-jail-free card. Once the criminals have your data, there is nothing you can do. Because of this, prevention is not only advised but imperative. Ashley Madison, TalkTalk and Yahoo all failed to protect their systems from attack, but every company, large and small, should learn from this and ensure their systems are as secure as possible.

Protection is better than Reaction

To avoid becoming prey to cyber-criminals, you must train your staff on how to spot fake e-mails, increase your network perimeter security with a security firewall, add anti-malware software to your computers and always have a regular backup taken throughout the day. It isn’t possible to block 100% of attacks, so having a backup is very important, as it can often be your last line of defence against criminal file encryption. On top of this, we recommend proper controls on server shares to add another layer of protection to sensitive information and block ransomware encryption where permission is denied.

These points, along with other policies and practices, help to make up the Government-backed Cyber Essentials Qualification. With the rise of more complex and sophisticated cyber-attacks, including ransomware and extortionware, we believe this should be the minimum operating policy of any company, no matter the size, industry or customer base.

For more information please contact LSA.