Don't Negotiate. Mitigate.

Cyber extortion is on the rise. Lured by easy and lucrative financial gain, cybercriminals have become more persistent and sophisticated. New strains of ransomware, ransomware-as-a-service, and affiliated business models have helped turn cyber extortion into a legitimate underground economy. In an attempt to turn up the pressure and odds of a successful payday, bad actors are executing triple extortion consisting of:

Encryption of Data

The most traditional method, using ransomware, cybercriminals will encrypt their victim's data and demand payment in return for the decryption key.

Public Exposure of Stolen Data

Before encrypting their victim's data, the cybercriminal has already successfully exfiltrated this data and threatens to expose it publicly unless paid.

DDoS Attack

Usually, after a demonstration DDoS attack, the cybercriminal will threaten to launch a larger, more complex DDoS attack in the future unless paid.

Cyber extortionists prey upon organizations that have less mature security teams and inadequate cybersecurity solutions, and that are motivated and able to pay their extortion demands. Fundamental protections should be in place so that you can avoid cyber extortion, or be prepared when threatened with it.

  1. Avoid a network breach – In most cases, a ransomware attack is preceded by a network breach of some sort. After the network is breached, command and control is established, additional malware is dropped, lateral movement occurs, and ultimately, the ransomware is downloaded and executed. Best practices include educating users on proper cybersecurity hygiene and employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or Indicators of Compromise (IoCs).
     
  2. Remove Vulnerabilities and Backup Data – As much as possible, stay abreast of exploits, run vulnerability assessments, patch, and update computer systems accordingly to avoid compromise. Back up valuable data and test data restoration plans.
     
  3. Continuous Threat Intelligence – Cybercriminals are constantly changing their Tactics, Techniques, and Procedures (TTPs). Stay abreast of the latest threat intelligence to help detect, investigate, or proactively hunt for signs of compromise that precede a ransomware attack.
     
  4. Proper DDoS Protection – The three main types of DDoS attacks are volumetric, state exhaustion, and application layer. Because DDoS attacks are increasing in size, frequency, and complexity, best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation.
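The outbound detection that step 1 describes (spotting command-and-control traffic and IoC hits before the ransomware stage) can be illustrated with a small script. The following Python is an added example, not NETSCOUT code: it parses constructed egress proxy log lines, matches destinations against a constructed IoC blocklist, and separately flags "beaconing", the regular low-volume check-in cadence that command-and-control implants often show even when the destination is not yet on any blocklist. The log format, the hostnames and addresses, and the thresholds (`min_events`, `max_cv`) are assumptions for illustration.

```python
"""Outbound IoC match and beaconing check over constructed egress logs.

Added example, not NETSCOUT code. The log format, hosts, addresses and
thresholds below are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed blocklist standing in for a threat-intelligence feed of
# known command-and-control destinations (not real IoCs).
IOC_BLOCKLIST = {
    "c2-update.example.invalid",
    "203.0.113.77",  # TEST-NET-3 documentation range, constructed IoC
}

# Constructed egress proxy log: "timestamp src_ip dst_host bytes_out".
# 10.1.1.5 browses irregularly, 10.1.1.7 checks in every ~5 minutes to a
# host that is NOT on the blocklist, 10.1.1.9 contacts a blocklisted IP.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.1.1.5 www.example.com 512
2024-03-01T09:00:02 10.1.1.7 telemetry.example.net 128
2024-03-01T09:03:10 10.1.1.5 www.example.com 2048
2024-03-01T09:05:02 10.1.1.7 telemetry.example.net 130
2024-03-01T09:10:01 10.1.1.7 telemetry.example.net 127
2024-03-01T09:15:03 10.1.1.7 telemetry.example.net 129
2024-03-01T09:16:00 10.1.1.9 203.0.113.77 64
2024-03-01T09:20:02 10.1.1.7 telemetry.example.net 131
2024-03-01T09:21:00 10.1.1.5 www.example.com 700
2024-03-01T09:22:45 10.1.1.5 www.example.com 300
2024-03-01T09:40:00 10.1.1.5 www.example.com 900
"""


def parse_log(text):
    """Return a list of (timestamp, src_ip, dst_host, bytes_out) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def match_iocs(events, blocklist=IOC_BLOCKLIST):
    """Flag every (src, dst) pair whose destination is on the blocklist."""
    return sorted({(src, dst) for _, src, dst, _ in events if dst in blocklist})


def find_beacons(events, min_events=4, max_cv=0.2):
    """Flag (src, dst) pairs whose connection intervals are nearly constant.

    A low coefficient of variation (stdev / mean of the gaps between
    connections) is the classic signature of a scheduled check-in.
    Returns (src, dst, mean_gap_seconds, cv) tuples.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in sorted(by_pair.items()):
        if len(stamps) < min_events:  # too few samples to judge a cadence
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((src, dst, avg, cv))
    return findings


def triage(text):
    """Run both checks over raw log text and return the findings."""
    events = parse_log(text)
    return {"ioc_hits": match_iocs(events), "beacons": find_beacons(events)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for src, dst in report["ioc_hits"]:
        print(f"IOC HIT   {src} -> {dst}")
    for src, dst, avg, cv in report["beacons"]:
        print(f"BEACONING {src} -> {dst} every {avg:.0f}s (cv={cv:.3f})")
```

The two checks are complementary: the blocklist match is exact but only as current as the threat-intelligence feed behind it (step 3), while the cadence check needs no prior knowledge of the destination and is what catches a fresh command-and-control host, at the cost of needing a few samples and a threshold tuned to the environment so that legitimate scheduled jobs are not flagged.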

Learn about the Lazarus Bear Armada DDoS extortion campaign, from the attacker behavior to the extortion demands and the recommended actions from our security team, in the blog.

What is Cyber Extortion?

Cyber extortion is when bad actors demand payment in exchange for forestalling or ending a threat to an online business or entity. This malicious activity often comes in the form of a data/network compromise, data encryption or distributed denial of service (DDoS) attack, which disrupts or completely curtails an organization’s ability to conduct business-as-usual (BAU).

The three most common forms of cyber extortion attack involve:

  • Data Encryption – In this type of attack, cybercriminals use ransomware to encrypt their target's data and demand payment in return for the decryption key needed to unlock and access the encrypted data.
  • Threat of Exposure – Here, cybercriminals infiltrate an organization’s systems and databases, access private information, and then threaten to release it publicly if the ransom is not paid.
  • DDoS Attack – This type of attack typically starts with a small DDoS attack to demonstrate the bad actor’s ability to wreak greater havoc in the future if a payment is not made.

In order to increase their payday and put more pressure on their victims, cyber extortionists employ all three methods simultaneously – a tactic known as Triple Extortion.

Cyber extortionists generally target organizations with deep pockets and who have inadequate cybersecurity solutions in place. With the advent of ransomware gangs offering ransomware-as-a-service, it is easier than ever for even the least sophisticated cybercriminals to launch a serious and potentially damaging cyber extortion attack.

How to Block Ransomware from Your Network with Arbor Edge Defense

Arbor Edge Defense - The First and Last Line of Smart, Automated Perimeter Defense

A vital component of NETSCOUT Omnis Security, NETSCOUT Arbor Edge Defense (AED) is deployed on-premises, inside the internet router and outside the firewall, where it acts as the first line of defense. As a last line of defense, AED can detect and block outbound indicators of compromise that have been missed by other tools in your security stack, allowing it to block the malware or command and control traffic that precedes data exfiltration or ransomware attacks.


Under Attack / Emergency Provisioning / Increase Mitigation Capacity

844-END-DDOS for US and Canada
+1 734-794-5099 for International
