The rise of “extortionware” and how it differs from ransomware

The cybersecurity landscape is shifting dramatically, as organised cyber-attacks on businesses and other large entities are increasing in frequency and ambition. Ransom pay-outs are getting bigger, and the result is some very rich cyber-criminals operating in an extremely lucrative industry.

It’s an industry where right now, the bad guys are definitely winning.

Ransomware vs. Extortionware

Ransomware refers to malware (or corresponding attacks) aimed at stealing or encrypting data and holding it to ransom. This can include encrypting important system files or company records that businesses need to operate.

Traditionally, ransomware encrypts this information and demands a ransom in exchange for the decryption key. It has proven to be an extremely lucrative business model, with numerous high-profile attacks that have resulted in countless millions of dollars handed out by businesses to cyber crooks.


But this criminal business model is evolving. Stealing or encrypting data and demanding a ransom for its return has one fatal flaw: data backups. Why pay to get data back when you can remove the malware infection and restore from your unaffected data backups? Ransomware, to an extent, has been the victim of its own success. It has become such a prolific threat that companies have become much better at backing up their important data for fear of being targeted.

This in turn has led to a rise in “extortionware” tactics. Organised criminal gangs, no longer satisfied with stealing or encrypting data on a company’s network and holding it to ransom (only for the business not to pay because it has a backup), will now search out sensitive information to leak to the public unless a company pays up.

This can be sensitive customer data, employee records or even the porn stash on the IT Director’s hard drive. Crooks seek out anything that an organisation or an individual doesn’t want made public, and threaten to reveal it unless the victim pays a ransom.


This is extortion, and unlike the traditional model of ransomware, these tactics are immune to data backups. After all, even if a company can replace stolen or encrypted data with a backup, this does little to help if crooks leak sensitive or embarrassing information to the general public.

The emphasis on encrypting a victim’s important files via malware (the traditional ransomware approach) is dwindling, giving way to using malware infections to steal sensitive information and threatening to release it to the public (extortionware).

As such, these extortion tactics are likely to be one of the biggest threats facing businesses and even individuals going forward.

Published by
Craig Haley