We’ve seen an evolution of ransomware, beginning with malware inserted into malicious advertising on websites by hackers who knew how to code. In the next stage, the Dark Web marketplace allowed people with no coding skills to purchase pre-packaged ransomware and the email lists to send it to – even allowing criminals to select emails by sector and/or geographic location. The initial ransom requests were typically small, $500 for home users and $5,000 for businesses that became infected.
Ransomware became very lucrative, as businesses often found it less costly to pay the $5,000 than to pay for help restoring their data, or they didn’t have backups that they could restore. Criminals then started upping the ante with larger ransom demands until the tables turned, and businesses would pay for data restoration rather than pay the ransom demand.
Never underestimate criminals! They quickly deployed two new tactics. First, they added secondary malware that would wait until the affected business began to restore from its backups, then encrypt the backups and render them useless. The other tactic was to take a copy of the data and sell it on the Dark Web.
This led to extortion. When a business paid the ransom to restore their data, the criminals knew it had value and would go back and threaten to release it publicly unless they were paid additional funds. Once the business stopped paying the extortion demands, the data was often still put up for sale on the Dark Web.
Now the blackmail is getting more personal, with executives as the targets. The ransomware gangs know that the C-level business owners, executive directors, and lawyers will have access to sensitive data such as personnel files, payroll, financials, donor databases, confidential emails, trade secrets, legal documents, etc. The more damage the data could cause if made public, the higher the blackmail demand.
In a recent situation, a client of one of our Resellers had two executives who fell prey to another twist on this tactic when the hacker used their company emails to send out embarrassing data to Board Members and some of their top customers.
Now more than ever, it is prudent to make sure executives are well-versed in cybersecurity awareness, that sensitive data is encrypted, that multi-factor authentication is in use, and that the organization has immediate access to trained and experienced breach response resources for guidance on what to do and what NOT to do if they find themselves in this situation.