Cyber Extortion: The Threat Lurking Behind Your Screen
In the not-so-good old days, extortion meant coercing someone into parting with money, services or property by threatening them with violence or exposure. For example, one of the most high-profile extortion cases of recent years was that involving, Bill Cosby, and his alleged illegitimate daughter, Autumn Jackson. Jackson attempted to extort $40 million out of the television star but found herself on the other side of the law when Cosby got the FBI involved in the payoff arrangement. Jackson was subsequently sentenced to 26 months in jail after refusing a paternity test to validate her claims.
That was then, however, and this is very much now and the threats we have to deal with have moved into the world of computers. According to the FBI, cyber extortion is now a multi-million dollar business, with attacks taking place through a variety of means, including ransomware, DDoS for Bitcoin and email extortion. Figures released by the US government indicate that malicious cyber activity cost the nation somewhere between $56 and $109 billion in 2016 alone!
What is Cyber extortion?
A few years ago, cybercriminals mainly worked on an individual basis, illegally gathering credit card details and other financial information to earn themselves a quick buck or two. Now, cybercrime works on a whole new level involving international syndicates, giving them increasing the scope and enabling them to target big businesses and reap the considerable rewards.
In its most basic form, cyber extortion is a criminal act in which a person or group of people attempt to extort money, services or property from its victim by threatening them with exposure or by holding files and other sensitive information ransom.
Cyber extortion takes a number of forms, so let’s look at some of the most common and how they operate:
Over the past two years, this form of cyber extortion has grown exponentially, both on an individual and business level. It works by encrypting files on a targeted device, system or network and thereby blocking user access. Once the system has been locked down, the perpetrators demand payment, usually in the form of bitcoin, to unblock the encrypted data. Although the ransoms are not usually high, by targeting lots of victims, the people behind it are able to accumulate huge sums of money.
The financial impact of ransomware goes way beyond the ransom itself, however, and can end up costing businesses and individuals huge sums in terms of lost productivity, system restoration, legal fees, and security upgrades. One recent cyber extortion case occurred last year when HBO reportedly agreed to hand over a quarter of a million dollars to retrieve deleted data that hackers were threatening to leak. Although HBO executive, John Beler, denied this was a ransom, referring to it instead as a “bug bounty” reward, the true nature of the payment remains unclear. Certainly, $250,000 isn’t much considering the perpetrators were asking for $7m!
This type of cyber extortion doesn’t only target big businesses, in fact, over 70% of ransomware attacks are directed at individuals. Having said that, there has been a marked increase in the number of ransomware attacks on businesses between 2016 (22.6%) and 2017 (26.2%). Fortunately, cybersecurity companies are quickly developing new ways of preventing ransomware attacks, safeguarding files against potential ransomware infiltration and decrypting files after infection.
2. Email Extortion
Email is one of the least secure areas of any operating system, simply because it needs to allow traffic to travel both in and out of the system, leaving a gateway open between your device and personal files and big, bad virtual world.
As a result, many different types of cybercrime utilize emails, including many ransomware and phishing attacks. These are somewhat more subtle than simply receiving an email that demands payment in exchange for keeping personal information private.
Back in 2015, the dating site aimed at married people looking for a discreet date or a little extramarital activity was hacked, giving the perpetrators, an organization known as The Impact Team, access to millions of users. The Impact Team managed to gain access to millions of users’ names, email addresses, and passwords, giving them the perfect way of extorting money from those wanting to keep their extramarital dalliances a secret.
While not all email extortions are genuine, with many hoaxes out there claiming to have footage of you watching adult videos and threatening to release it to all the people in your email address book unless you pay up. Obviously, if you’ve never watch pornography online, you’re not going to fall for it, but given that leading site, Pornhub, reported 78.1 million visits per day throughout 2017, chances are cybercriminals will hit the jackpot at least once or twice with every hoax.
3. DDoS For Bitcoin
You know how a non-functioning traffic light can result in a long traffic jam? Well, imagine the same concept in cyberspace and then you’ll understand how distributed denial-of-service attacks work. Although this type of disruption was originally used by hacktivists who were eager to make a political statement or some kind of social change, it wasn’t long before cybercriminals caught on to its potential.
DDoS stands for distributed denial-of-service and basically floods a specific site or network with traffic, rendering it inoperable. For example, a couple of years ago, a DDoS attack took out both PayPal and Twitter by targeting the internet domain directory, Dyn.
A little like terrorist attacks, DDoS attacks are used to establish a reputation for disruption which means hacking groups and cybercrime syndicates can then play the part of virtual Mafia and demand protection money from businesses wanting to avoid a similar attack.
DDoS is also a very effective form of industrial sabotage, enabling competitors to undermine their rivals by effectively getting them offline. While these attacks rarely affect us on an individual level, except for preventing us from entering a site such as Twitter or PayPal, they do impact on many online services we may rely on.
Recent news reports revealed that DDoS attacks increased substantially over the Black Friday to Cyber Monday period and predicted further disruption over the peak selling period leading up to Christmas.
How to Prevent Cyber Extortion
No matter how innocent your online activities, you could just as easily be a victim of cyber extortion as the next person which is why understanding how to protect yourself is so important. Admittedly, if you visit a lot of pornography or gambling sites, you are more vulnerable simply because those sites have been proven to carry more malware. Nevertheless, even your sweet old gran who only goes online for knitting patterns and recipes could find herself the unexpected victim of cyber extortion.
Because your online security is important to us, we’ve compiled a few useful tips about how to protect yourself against cyber threats of this nature.
1. Caution and Commonsense
I know, you were hoping I’d just tell you about a magical new piece of software that would solve all your cybercrime problems, but, unfortunately, there is always a human element and how you conduct business online has a great impact on how vulnerable you are to cyber extortion.
With the risk of sounding obvious, these are a few things you should steer clear of if you want to avoid being a victim of cybercrime:
- Don’t open email attachments from unknown senders – this is one of the easiest ways for hackers to get into your system and deposit malware, ransomware and other unpleasantries.
- Don’t use weak passwords – when the Ashley Madison hack became public in 2015, reporters revealed that the most commonly used passwords on the site were “password” and “123456”. You’d think people would be a little more imaginative when pursuing an extramarital affair, wouldn’t you? Obvious and frequently used passwords make you extremely vulnerable, which is why many people use a password manager to generate strong passwords and keep track of them.
- Don’t go to insecure sites – only visit sites with an https code and avoid those HTTP sites that lack sufficient security. If you want to be really vigilant on this point and get extra brownie points from us, you can add an https extension to your browser that will restrict you to visiting only https sites.
- Don’t overshare – ok, so you’re very proud that you chopped up your credit card, but that doesn’t mean you should photograph it and share it on Instagram. Revealing any personal information on a social media platform makes you vulnerable, especially if it involves your private financial data, name, address or telephone number.
- Don’t let your software get out of date – software upgrades are designed to deal with weaknesses in the original version that have made it vulnerable to hackers. Failing to upgrade your software on a regular basis means you’re more susceptible to phishing, ransomware, and malware attacks.
2. Find a Firewall
This is one of many features that make up a complete cybersecurity suite. A Firewall’s primary function is to screen and filter traffic traveling to and from your device and the network or internet. A Firewall will also protect you against unauthorized users gaining access to your home network or device. As the first line of defense, a Firewall is integral to your security, blocking malware attacks and prohibiting viruses and worms.
3. Activate an Antivirus
This is the next feature of your defensive shield and works by comparing the traffic entering your system against a database of known viruses. More advanced antivirus solutions such as Norton also use specific algorithms to detect as-yet-unknown threats. If your antivirus detects a possible ransomware attack, it will place the application or data package responsible into quarantine and then destroy it.
Antivirus software is upping its game to deal with the increased number and sophistication of cyber threats and the best now backup your sensitive files as soon as a threat is detected, restoring them only once the problem has been solved.
4. Get Enveloped in a VPN
A Virtual Private Network is a wonderful thing to behold, offering you the protection of an encrypted tunnel whenever you access the internet. As a VPN hides your IP address and encrypts your activity, no one can see where you’ve been or who you are, which many Ashley Madison users would probably appreciate!
Every device has an IP address which allows it to be seen on the internet, unfortunately, this means everyone else can see it too. A VPN, however, replaces your original IP address with that of a server, making your activities and geographical location untraceable.
As cybercrime becomes increasingly advanced and its perpetrators progressively sneakier, so it’s vital that individuals and businesses make the most of the security software available to combat these attacks. Just as we work together to make our neighborhood a safer place, so we need to work together to make our virtual reality safer for all.
Cybercrime in all its forms, including cyber extortion, takes its toll on the US economy and, even though you may feel your own security consciousness won’t make much of a difference if everyone adopts safe online practices, so the criminals are repeatedly thwarted. Statistics indicate that, in three years’ time, cybercrime will cost the world in excess of $6 trillion each year, this is something we should all be focused on.
While there are significant advances being made in decrypting ransomware infections, prevention is always better than a cure, which is why you should be vigilant about your online security and put the necessary blocks in place to secure you and your family.