Cyber-security specialists are warning about the rise of extortionware, in which cybercriminals embarrass victims into paying a ransom.
Specialists say the trend towards ransoming sensitive and private information hurts companies not just operationally but also through reputational damage.
The tactic came to light when cybercriminals bragged about discovering an IT director's private porn collection. In a darknet blog post about the breach last month, the group named the IT director whose work computer supposedly held the files.
The cybercriminals also posted a screenshot of the computer's file library, showing more than a dozen folders named after porn websites and porn stars.
The notorious hacker group wrote: “Thank God for [named IT Director]. While he was [masturbating], we downloaded several hundred gigabytes of private information about his company’s customers. God bless his hairy palms, Amen!”
The cybercriminals removed the blog post in the last couple of weeks, which specialists say indicates that the extortion attempt worked and that the group was paid to restore the data and withhold any further details.
The same group is also trying to pressure another US utility company into paying a ransom by posting an employee's credentials for a members-only porn website.
'The new norm'
Another ransomware group, which also runs a darknet website, is using similar tactics.
The comparatively new group has published private emails and pictures and is calling directly on the mayor of a hacked US municipality to negotiate its ransom.
In another case, cybercriminals claim to have found an email trail revealing evidence of insurance fraud at a Canadian agriculture company.
Brett Callow, a threat analyst at cyber-security firm Emsisoft, says the trend points to an evolution of ransomware hacking.
“This is the new norm. Hackers are now actually searching the data for information that can be weaponized. If they find anything that is incriminating or embarrassing, they will use it to leverage a larger pay-out. These incidents are no longer simply cyber-attacks about data; they are full-out extortion attempts.”
Another example was seen in December 2020, when the cosmetic surgery chain The Hospital Group was held to ransom under the threat that images of its patients would be published.
Ransomware is evolving
Ransomware has evolved considerably since it first surfaced decades ago. Cybercriminals used to operate solo or in small teams, targeting individual internet users at random by booby-trapping websites and emails.
In the last couple of years, they have become more mature, organized, and ambitious.
Cybercriminals are estimated to be making tens of millions of dollars a year by investing time and resources in targeting organizations and public bodies for huge pay-outs, sometimes totaling millions of dollars from a single victim.
Brett Callow has been following ransomware tactics for many years and says he noticed a change in methods in late 2019.
“It used to be the case that the data was just encrypted to disrupt a company, but then we started seeing it downloaded by the hackers themselves.”
“It meant they could charge victims even more because the threat of selling the data on to others was strong.”
Difficult to defend
This latest trend of threatening to damage an organization or individual publicly has particularly concerned experts because it is hard to defend against.
Keeping regular, secure and offline backups of company data helps businesses recover from crippling ransomware attacks, but backups only restore encrypted files: they do nothing once the attackers have already copied the data and threaten to publish it.
Cyber-Security consultant Lisa Ventura said: “Employees should not be storing anything that could harm a firm reputationally on company servers. Training around this should be provided by organizations to all their staff.”
“It’s a troubling shift in angle for the hackers because ransomware attacks are not only getting more frequent, they are also getting more sophisticated.”
“By identifying factors such as reputational damage, it offers far more leverage to extort money from victims.”
A lack of victim reporting and a cover-up culture make estimating the overall financial cost of ransomware difficult.
Experts at Emsisoft estimate that ransomware incidents in 2020 cost as much as $170bn in ransom payments, downtime, and disruption.