The ubiquity of crypto ransomware has become a smokescreen distracting everyone’s attention from other widespread tactics of online blackmail. Well, putting an ‘equals’ sign between the totality of existing ransom Trojans and the broad concept of Internet extortion is an understandable misconception. These infections are today’s most hateful cyber threats due to vast media coverage, harsh impact and their authors’ unquenchable craving for easy money.
Nonetheless, online of cyber extortion perpetrators have a bevy of other options to pressure users and companies into paying up. The Onion Router (Tor) anonymity network and decentralized cryptocurrencies like Bitcoin are part of the equation as well, allowing threat actors to cover their tracks and evade prosecution.
In a classic ransomware scenario, attackers cause damage first and then demand money to undo it. Other e-extortion vectors, on the contrary, mainly focus on harvesting ransoms as a means for victims to avert undesirable consequences. For instance, felons can hack a computer, steal personal information and instruct the user to make a payment otherwise the sensitive files will become public knowledge. The cases below reflect all types of online extortion most frequently encountered these days.
Copyrighted Material Pre-Release Blackmail
The most defiant example of this extortion technique revolves around the HBO television network breach that took place in early August a few years ago. A cybercriminal crew calling themselves ‘Mr. Smith’ were able to compromise HBO servers and purportedly stole 1.5 terabytes of unaired TV shows and scripts. The threat actors issued an ultimatum, instructing the company to submit a ransom of $6 million in Bitcoins or else the videos and other data would be spilled before officially scheduled date.
To put additional pressure on HBO officials, the perpetrators leaked episode 4 of Game of Thrones season 7. As the company lingered with their decision, the extortionists dumped another portion of unaired data a week later. A tranche of $250,000 that HBO attempted to mask as a bug bounty reward didn’t satisfy the hackers, so they dropped one more trove of pilfered material on August 13. This incident is likely to have long-term adverse consequences for the company that failed to protect its servers from the breach.
DDoS For Bitcoin
Distributed denial-of-service attacks used to be the prerogative of hacktivists who weren’t motivated by financial gain. As time went by, cybercriminals realized they could use DDoS to defraud organizations of money. The anatomy of this extortion vector involves an anonymous message with threats to knock a company’s website and other segments of IT infrastructure offline by flooding it with the volume of traffic it can’t handle. To prevent this from happening, the victims are told to send a specified amount of cryptocurrency. The initial threats may be followed by ‘demo’ incursion via a commonplace network stress attack.
Protonmail, a well-known provider of free encrypted email, fell prey to such an onslaught in 2015 and paid 15 BTC, only to encounter a yet more powerful flood of traffic packets. This incident demonstrated that following cybercrooks’ demands can be a heck of a slippery slope.
Extortion Over Academic Research
When deploying this hype, swindlers take advantage of students’ foul play with their studies. There are numerous online services offering custom essay writing, and they are rapidly gaining momentum with high school and college students. Teachers certainly don’t approve ‘research’ like that, but students can easily get away with it as long as no one finds out. However, unscrupulous employees of these writing services, or hackers who breach the right customer databases, may contact cheating students and threaten them to notify their school board unless they pay for non- disclosure.
In a similar fraud wave making the rounds in Russia, extortionists send anonymous messages to doctoral students who have just defended their PhD dissertation, claiming to have spotted plagiarism in it and demanding thousands of dollars for not letting the educational authorities know. It’s noteworthy that this tactic is utter bluff most of the time.
Online Dating Extortion
A flip side of popular online dating sites is that they attract numerous scammers who pass themselves off as someone else and manipulate regular users. Cybercriminals can create fake profiles, get in touch with gullible users and make them believe they finally found a potential match. To this end, the crook first attempts to build trust by exchanging appealing messages with a would-be victim. Then, they will typically ask for intimate photos.
If this phase of the scam turns out successful, the impostor will unmask himself and threaten to send the embarrassing pictures to the prey’s friends or upload them to some online resource. The victim is instructed to pay a ransom to thwart this exposure.
Another notorious hoax dubbed an inappropriate term is similar, except that it involves hacking or phishing techniques to obtain someone’s incriminating information.
This tactic requires a great deal of technical skills rather than social engineering alone.
Hitman Extortion
To pull off this type of blackmail, a threat actor sends you an email stating that someone paid them to harm you or a person you care for. The purported murderer will offer you a tradeoff: pay more than the mysterious foe and stay safe and sound. To make the scam appear realistic, the extortionist will typically provide some details about you that they actually collected from your blog or social network profile. The pseudo hitman may also set a deadline for the payment to keep you from making a reasonable decision.
Database Ransom Attacks
In early January 2017, a group of hackers hijacked thousands of MySQL, Hadoop, MongoDB and ElasticSearch databases around the world. All of these servers used default access credentials or, in some cases, no authentication at all. The perpetrators would replace a breached server’s content with a ransom note requesting a specific amount of Bitcoin for reinstating the data that went missing. That’s what database ransom attacks are all about. Unfortunately, this extortion mechanism continues to gain traction due to numerous webmasters’ terrible authentication hygiene that makes their servers a stationary target.
The human factor is one of the weakest links in any security chain. Online predators are clever enough to exploit it in the worst ways imaginable. To steer clear of cyber extortion, reduce the amount of personal data you post on social media, never provide potentially incriminating information to people you don’t know or trust, and use strong passwords for your online accounts and remote desktop services.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures and preventing cyber extortion with strong cybersecurity countermeasures.
I hope you enjoyed this article about the most common types of cyber extortion to avoid to protect your data and finances.
Interested in more articles about maximizing cybersecurity?
Read My Blog Posts:
- Why CEO's Need To Emphasize Cybersec
- Understanding & Preventing Ransomware
Published by Michael J Schiemer
Owner of the Bootstrap Business Blog
Media - Money - Marketing - Motivation
Digital Marketing | SEO | Social Media
Mike Schiemer Builds Better Business
Hitman Extortion
To pull off this type of blackmail, a threat actor sends you an email stating that someone paid them to harm you or a person you care for. The purported murderer will offer you a tradeoff: pay more than the mysterious foe and stay safe and sound. To make the scam appear realistic, the extortionist will typically provide some details about you that they actually collected from your blog or social network profile. The pseudo hitman may also set a deadline for the payment to keep you from making a reasonable decision.
Database Ransom Attacks
In early January 2017, a group of hackers hijacked thousands of MySQL, Hadoop, MongoDB and ElasticSearch databases around the world. All of these servers used default access credentials or, in some cases, no authentication at all. The perpetrators would replace a breached server’s content with a ransom note requesting a specific amount of Bitcoin for reinstating the data that went missing. That’s what database ransom attacks are all about. Unfortunately, this extortion mechanism continues to gain traction due to numerous webmasters’ terrible authentication hygiene that makes their servers a stationary target.
The human factor is one of the weakest links in any security chain. Online predators are clever enough to exploit it in the worst ways imaginable. To steer clear of cyber extortion, reduce the amount of personal data you post on social media, never provide potentially incriminating information to people you don’t know or trust, and use strong passwords for your online accounts and remote desktop services.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures and preventing cyber extortion with strong cybersecurity countermeasures.
I hope you enjoyed this article about the most common types of cyber extortion to avoid to protect your data and finances.
Interested in more articles about maximizing cybersecurity?
Read My Blog Posts:
- Why CEO's Need To Emphasize Cybersec
- Understanding & Preventing Ransomware
Published by Michael J Schiemer
Owner of the Bootstrap Business Blog
Media - Money - Marketing - Motivation
Digital Marketing | SEO | Social Media
Mike Schiemer Builds Better Business
Share This On Social Media:
