Ransomware and Other Cyber Extortion Attacks
Ransomware is a form of malware that, once it’s on a system, encrypts the victim’s files or folders so they cannot be accessed without the attacker’s key. The malware then displays a message asking the victim to pay a fee (in a cryptocurrency such as Bitcoin) to have their data decrypted and returned to them.
While file-encrypting ransomware is the most common form, attackers can also use a variety of other tactics to extort money from victims. For example, they can pose as law enforcement, claim that a computer contains pornography or pirated software, and demand a fine. They can also publish stolen data publicly on the internet. This type of ransomware is known as “doxware.”
Often, cyberattacks start with an employee opening a malicious attachment in an email. That’s how the wire transfer phishing attack that cost Colonial Pipeline its $4.4 million ransom payment in mid-2021 started.
Once ransomware is in place, it can spread to other systems through the same channels as other malware: malicious apps, infected external storage devices and compromised websites. Attackers can purchase ransomware kits on the deep web and customize the malware for their attacks.
When faced with a ransomware or other cyber extortion incident, the first thing that companies should do is follow their written incident response plan and notify senior management and the legal department from the outset. That will help protect the investigation from exposure to class-action lawsuits and other legal claims arising in the aftermath of the attack, and it will ensure that the offer to pay a ransom is pre-approved by the company’s insurance carrier.