By now, you have probably heard of ransomware. When it runs on your computer, it locks you out of your data until you pay money to regain access. The trend we are seeing now, because of how well tools are starting to defend against these attacks, is that cybercriminals focus more on stealing your data and threatening to publicly post it and/or sell it to other bad actors – quite simply – extortion.
Imagine that the attackers gain access and steal your data, instead of your data getting simply encrypted. You or an employee were possibly tricked into an interaction with a cybercriminal, or you had an exposed system with what could have been preventable cracks in the armor. It would be like a person living in your house that you do not know about, and they are taking your belongings when you are not looking. This person finds all the things that matter most to you, and maybe some things you want to keep private, and when they are ready, they leave a note threatening to contact everyone you know and tell the world unless you pay them. Worse yet, maybe they decide just to burn your home down without ever saying anything. It’s just like that with your business, but instead, it is all your pertinent business documents, client lists, litigation information, partner contracts, financial statements, intellectual property documents, and more. This trend is known as “double extorsion” or “data exfiltration extortion.”
Why the Change?
Our current defenses against ransomware have improved. We have better backups, robust disaster recovery planning, and new technology that can counter these encryption-based attacks, so it has been the trend that companies are not giving in to cybercriminal demands when a system gets encrypted. By moving to exfiltrate data and threatening the victim with exposure of sensitive business data, cybercriminals add a new layer of pressure by threatening business owners with reputational damage, or exposure of private information, which likely could be devastating.
Cybercriminals' ability to make fast money by locking down systems is part of a bigger focus. They are using emotional manipulation, fear of lost customer trust, and regulatory fines as threats to make money without ever bringing your systems down.
The Downside: Increased Stakes for Businesses
This shift is not just a technical change in approach; it also adds a layer of psychological damage. The ransomware story is straightforward: pay us money, get your files, and get back to work (sometimes, at least). With extortion, the stakes of the game are much higher; now, you must consider questions like, “What if my data gets out there anyway? What if they decide to ask for regular payments month-over-month?” or “Have we successfully rooted them out of our systems?”
We have seen cases where, even after the information is stolen, it seems to find its way onto the dark web somehow, or cybercriminals start making more aggressive demands for payments for deleting additional parts of data or to guarantee that information will be deleted completely. This creates fear and uncertainty, making it feel like a never-ending game where your security and reputation are on the line.
Acting Against the New Face of Cybercrime
You must be wondering what you can do to defend yourself against this form of extortion, right? The biggest point is knowing how you protect your data and the security of the systems on which the data lives. There are technical methods and things like security reviews that help you grasp where sensitive information resides so you can maximize your ability to reduce your business risk. The goal of all these technical and administrative controls is to make it as hard as possible for the attackers to steal anything of value in the first place, and by staying a step ahead of the cybercriminals. With a combination of technical capabilities and expertise, coupled with proactive reviews, you can turn the tables on cybercriminals, and keep them out of your critical business data.
-Getting into the Informational Piece-
IntelliSystems offers clients cybersecurity and assessment capabilities provided by experienced, certified personnel who can work to protect your business through a combination of technology and assessment capabilities. If you have not recently thought about how your business protects its critical data or have current concerns about the security of your systems, get in touch with us today.