Extortion is a common form of monetizing a web attack — but the cost to the victim can be far higher than the financial price alone.
A previous blog post discussed data-encryption blackmail and ransom attempts on websites. Yesterday, a news story revealed just how aggressive these extortion attempts can be.
The basic story is this: Hackers broke into a company website and stole sensitive data. They then sent a ransom demand, payable in bitcoin.
It’s unclear if the data “theft” was actually a theft (meaning that the thieves were threatening to reveal or resell the information to others). It’s also possible that the attackers had just encrypted the data and held it hostage, as described in our previous blog post.
Either way, the result was the same. The hackers made a ransom demand — and the company paid it.
But the hackers, after receiving the payment they demanded, issued another demand for more money.
At that point, the story took an unusual turn.
After the company refused the new demand, the hackers issued a new threat. They would launch an online smear campaign, but not targeting the company.
According to police, the hackers “profiled a senior member of the organisation, identified their family and threatened to discredit members of his family through online attacks particularly targeting a child.”
A police official confirmed that the whole incident was “quite traumatic for the business, the victim and his family.”
There are several obvious takeaways from this. First, criminals have no honor.
If you’re the victim of an extortion attempt, you shouldn’t give in. It’s quite possible that after you pay, the attackers will just escalate the attack even further.
Second, the only good solution to these situations is to prevent them from happening in the first place. If the company had done a better job securing its network, the initial attack would have failed, and the subsequent ugliness would never have occurred.
Web security is no longer just a matter of good business practice. It might affect you personally as well.
Photo credit: Jefferson Santos via Unsplash