Halloween is a time when creatures like ghosts and goblins are celebrated rather than feared. Even adults use the holiday to lighten up and enjoy themselves, as they’re well aware that the monsters so often seen and heard about in stories are fictional. Unfortunately, the fact remains that there are monsters hiding in plain sight all around us, playing on the fears and misfortune of others--namely, hackers.
It’s pretty unlikely that a child will wander to your front door this Halloween dressed as a hacker (we like to picture them in ski masks and black sweatshirts). Yet, the digital assets of your business, like your website and network infrastructure, could very well be visited this Halloween--or any day. While there are preventative measures to keep these threats at bay, like firewalls and antivirus, there are other tactics used by hackers that aren’t as obvious as a “trick or treat!” at your doorstep. We’re talking about specialized spear-phishing attacks that have a much greater chance of making it through your security and defenses.
Cyber extortion is a major problem that businesses have to deal with, primarily due to the fact that, when used properly, it is difficult to detect and protect against. Hackers tend to use fear tactics for their cyber extortion schemes, since it’s a particularly effective way to incite irrational behavior, like forking over cash. Their methods are akin to the likes of blackmail and deception.
These methods work in a similar manner to ransomware. Most ransomware will use encryption to lock down files on a victim’s computer, preventing them from opening it until a decryption key is issued. The key is obtained when the user pays a fine.
The concept is to capitalize on the victim’s panic. In their haste to recover their files, they will pay the fine using an untraceable cryptocurrency, regardless of how irrational the request. Their fear of losing data outweighs the price that’s been put on it. In particular, businesses need to be wary of losing mission-critical data. In the majority of ransomware cases, unless an organization has their data backed up, they’re out of luck and won’t be able to retrieve their data without paying the fine. Now that’s scary!
Recent ransomware hints at another sickening trend in the form of an ultimatum; hackers will steal information from businesses or individuals, and then threaten to release the sensitive data on the Internet unless a payment is made. Hackers will often do this if they’ve accumulated a large cache of valuable information. While they may not do anything with the stolen data, there’s no guarantee that the hackers who buy the data won’t make good on their threat. In order to prevent this from happening, the asking price is usually between $250 to $1,200.
IC3, the FBI’s Internet Crime Complaint Center, received a significant number of reports indicating that users who had data stolen through high-profile data breaches received extortion emails demanding that they pay a fee, or suffer the consequences. This data includes personally identifiable information, like Social Security numbers and birth dates, as well as financial information. In some cases, hackers also claim to have obtained photos, emails, and other valuable files that could have disastrous effects on the victim’s personal life.
Keep in mind that there’s almost no way to guarantee that hackers have obtained files unless they’re willing to show you proof. They could just be blowing hot air and hoping that you’ll be willing to believe them. This is why it’s important not to immediately pay a ransom, as there’s no guarantee that you’ll even get the decryption key from the hacker.
Basically, you should never act irrationally due to a ransom offered by hackers. Remember, fear isn’t going to save your files. All you’re doing is further proving to the hackers that their tactics work, and the money you fork over is probably going to be used to keep their hacking agenda going. Don’t give them the satisfaction of watching you squirm.
To prevent becoming a victim of a hacking attack or cyber extortion attempt, give Graemouse Technologies a call at 253.777.0763. We can help you assess your choices and implement preventative solutions to keep things like this from happening in the future.
This Halloween, be safe and make sure to celebrate what looks scary (but really isn’t), instead of finding yourself in a situation that’s actually scary, like being blackmailed by a hacker.