Are you currently experiencing an attack?

Are you currently experiencing an attack?

The Rising Trend of Ransom Attacks

Ransom attacks (where an attacker attempts to extort a ransom from an online victim) are increasing. As noted in Cisco’s most recent Annual Security Report, there has been an “explosion in ransomware,” resulting in this trend.

This is notable not only for the rising rate of attacks, but also for the shift of targets. In the past, ransom attacks were designed primarily to attack individual computer users. Now, different attack vectors are being used to target entire organizations.

Cybercriminals have developed innovative ways to force their victims into submission and meet their demands.

If your organization is not prepared for these new tactics, then you too are at risk for becoming a victim.

A Different Approach

In the past, target organizations who did not pay the stated ransoms would suffer various consequences, such as a denial of service attack.

Frequently, the best response was to ignore the threat. Often, the resulting attack could be mitigated. Even better, sometimes the threat turned out to be a bluff, with no actual consequences.

This is now changing. Attackers are developing new ways of ensuring that their demands are met.

More and more, their threats include an extremely painful cost for noncompliance.

New Forms of Pressure

One prominent example of this is the recent breach of multiple healthcare providers in the U.S. A hacker known as TheDarkOverlord has claimed (and an investigation by InfoArmor has confirmed) the successful theft of 10 million patient records.

This theft is notable not only because of its size, but also for the pressure that the hacker is placing on his victims.

As expected, the victims have been given ransom demands. And they have been told that if they don’t pay, eventually their stolen data will be sold on the black market.

But before that occurs, two other things will happen.

First, the hacker will contact some of the patients whose personal information he stole. He will inform them that their healthcare provider didn’t protect their sensitive information.

Worse, he will say that their provider is also ensuring (by refusing to pay the ransom) that their sensitive information will be sold to identity thieves.

Obviously, the goal here is to place extreme pressure on the victim — not just from the hacker, but also directly from the victim’s customers.

And this isn’t all. Providers who don’t submit to the ransom demands will also be named publicly on Twitter. Obviously, this will be very damaging to their reputations.

In addition, there are possible legal ramifications. Healthcare providers have strict legal requirements to maintain patient privacy.

A confirmed leak of patient records could be viewed as prima facie evidence that the provider failed to meet these requirements. With up to 10 million records compromised, this breach could easily become the basis for large class-action lawsuits.

An Ominous Trend

In the past, online extortion attempts could sometimes be safely ignored. Often, the potential consequences for doing so were tolerable.

Now, attackers are adopting new methods. High levels of pressure are being exerted upon the victims:

  • Angry customers.
  • Being publicly named-and-shamed.
  • The destruction of reputation and brand value in the marketplace.
  • And even possible lawsuits.

There’s only one guaranteed defense against these new tactics. You must ensure that the initial attacks never succeed.

If a hacker can’t penetrate your system, then he can’t steal your data, and he can’t threaten to expose it.

Food for thought: Is your web security robust enough to ensure this?

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.