Halloween is a time when we celebrate what scares us, like ghosts, goblins, ghouls, and the like. For adults, the holiday becomes more lighthearted with each passing year, due to the understanding that such monsters are fictional. Yet, there exists real monsters who know how to play on people’s fears, namely, hackers.
Granted, it’s highly unlikely that a child will visit your front door this Halloween dressed as a hacker. Nevertheless, the digital doors of your business, i.e., your website and network, are very likely to be visited on Halloween–and every day following. While many of these threats aren’t all that scary and are easily thwarted by security tools like a managed firewall and spam-blocking solution, a threat that’s specifically targeting a user has a greater chance of getting through. If such a hacker successfully breaches your security system, that’s when the nightmare of cyber extortion begins.
Cyber extortion comes in many different forms, and it can be very effective when executed properly. The hackers behind cyber extortion prefer using fear to incite unreasonable action from their victims, even if it means using frightful tactics like blackmail and deception.
Many of these methods work similarly to ransomware. Most ransomware will encrypt the files stored on a victim’s computer, and they will only provide a decryption key if the victim pays a fee. The idea here is to use fear to get users to hand over money (often in the form of untraceable cryptocurrency) in exchange for their precious files. This can be particularly devastating for businesses, as it means they could potentially lose access to all of their mission-critical data.
In the majority of ransomware cases, unless an organization has their data backed up, they’re out of luck and won’t be able to retrieve their data without paying the fine. Now that’s scary!
In an even scarier twist on an already sick scam, there are hackers who will steal information from businesses or individuals, and then offer an ultimatum; either pay up, or the sensitive data gets leaked to the Internet. This may be a worse fate because it allows other, more dangerous hackers to access the data and use it for nefarious purposes. This variety of hackers tend to ask somewhere between $250 to $1,200 for the safe return of the victim’s data.
IC3, the FBI’s Internet Crime Complaint Center, received a significant number of reports indicating that users who had data stolen through high-profile data breaches received extortion emails demanding that they pay a fee, or suffer the consequences. This data could be anything from personally identifiable information, like Social Security numbers, to financial information, like credit card numbers. In some cases, hackers would claim to have information that could cause catastrophic damage to victims’ personal lives, like personal photos and correspondences.
Although, we should point out that there’s virtually no way of guaranteeing that these hackers actually have the files they claim to have. They could just be blowing hot air and fishing for a response, hoping that you’ll be gullible enough to give in to their outlandish requests. However, for this same reason, it’s important that you don’t immediately pay the ransom. What guarantee do you have that they’ll give you the decryption key? The answer: none.
Basically, you should never, under any circumstances, give in to fear and pay the ransom offered by the hackers. Doing so doesn’t necessarily save your information (if they even have it) from being posted on the Internet. All it does is give in to the hacker’s demands by providing them with exactly what they want. Why should you give them this satisfaction, especially after the scare they’ve given you?
Instead, to prevent finding yourself at the mercy of a malicious hacker who’s extorting you for everything you’ve got, then we recommend giving Setton Consulting a call at 212-796-6061 to get the proactive support your company can use to keep from paying the price. We can calmly walk you through the steps of dealing with a devious hacker, as well as offer ways you can shore up your network security in order to prevent any further data breaches.
This Halloween, be safe and make sure to celebrate what looks scary (but really isn’t), instead of finding yourself in a situation that’s actually scary, like being blackmailed by a hacker.