The reality of digital extortion
Extortion is growing in popularity among cyber criminals, says Anvee Alderton, channel manager of Trend Micro Southern Africa.
Extortion. Yes, it is an ugly word and its meaning seems to transcend that of blackmail, reaching into the seedier corners of the criminal trade to obtain money - or information - illegally. Just as extortion takes place regularly in the physical world around us, it is growing in popularity among cyber criminals.
Trend Micro, a global leader in security, has recently released a new report: "Digital Extortion, A Forward Looking View", in which it details the various aspects of this form of cyber crime. The report takes an in-depth look at the means used by cyber criminals to obtain money and the possible reasons behind such actions.
"We first need to make sure we understand what extortion means, as it is different from blackmail. In legal terms, it's defined as forcing someone, or even a company, to engage in an action under the threat of violence if their instructions are not followed. In the digital sphere, the violence we're talking about could relate to threatening to destroy data if someone doesn't pay a certain amount of money. Ransomware is a good example of a form of digital extortion," reveals Anvee Alderton, Channel Manager of Trend Micro Southern Africa.
Blackmail, on the other hand, refers to the threat of releasing information if the victim doesn't comply. This could be anything from threatening to release client details or sensitive company documents, to even threatening to reveal personal information of the target, which would be damaging enough to make them co-operate.
Through the encryption of a company's digital assets - as in the case of ransomware - the attacker is able to name their price in order to release the lock on information. With the advent of Europe's General Data Protection Regulation (GDPR) and South Africa's own Protection of Personal Information Act (POPI), companies can face massive fines if it is discovered they have been hacked and information compromised. Hackers may take advantage of this and encourage the target to avoid the fines by asking for payment that is less than the fine the company would incur.
"What we may see in the future is time-sensitive attacks on high-profile individuals, such as politicians, whether they are extorted with the possibility of sensitive information or photographs of themselves being leaked. The reality is that digital blackmail and extortion are not going away anytime soon. People have been placed in compromising and embarrassing situations when hackers have come across intimate photographs and have used this to get the target to perform whatever task they feel necessary," explains Alderton
So, what can we do to prevent becoming victims? Ransomware appears to be the tool of choice for these hackers, which means it's all about taking the proper precautions and backing up systems, updating regularly and having multi-layered security in place.
"Be wary while you're online. Don't open e-mails from people you don't know. There is anti-ransomware software available and it's worth making the investment in these security measures in order to mitigate any breaches. Cyber crime is a very real threat to global businesses and, just like in the physical world, educating yourself and being vigilant are all part of staying safe online," Alderton concludes.