In a Calvin and Hobbes comic strip, a schoolyard bully demands Calvin pay 50 cents to be his friend—or else! Calvin wryly asks, “What’s a little extortion among friends?”
In real life, no one laughs extortion off—especially not cyber extortion.
Cyber extortion cases are on the rise. Digital bullies have grown more sophisticated, and greedier in their ransom demands. In 2021, the average demand cybercriminals made in ransomware attacks—the most common, type of cyber extortion—increased 144% over 2020, according to cybersecurity company Unit 42. Actual payments increased 78%, reaching an average of $541,010.
It’s a far cry from Calvin’s 50 cents!
Though national and state cyber extortion laws are on the books, they haven’t deterred cyber extortionists. Opportunities to exploit computing vulnerabilities are abundant and low-risk, and the potential payoff is too great.
As a broker serving your business clients’ best interests, you need to know the basics about cyber extortion. We at ProWriters have prepared this brief overview of what it is, as well as how businesses can defend against and respond to it.
Understanding the Major Types of Cyber Extortion
As mentioned, ransomware attacks are by far the most common cyber extortion cases.
In ransomware attacks, cybercriminals use malicious code (malware) to infiltrate devices, servers, and networks. The malware encrypts data and files, rendering them inaccessible, and makes devices and systems unusable. The malware then demands victims pay a ransom to decrypt their files, and regain control of affected data and devices.
In 2021, 623.3 million ransomware attacks occurred worldwide—105% more than the year before, and more than three times the amount in 2019, according to cybersecurity firm SonicWall.
Sometimes, cyberattackers use code called “extortionware.” Like ransomware, extortionware infects and encrypts data. But instead of demanding money for access, it threatens to make data public unless the victim pays.
Stealing and then threatening to release data is often called “double extortion.” In cases of double extortion, a data exposure, which might not in itself leave the victimized company liable for damages, turns into a data breach, which almost certainly will. The targeted company will have to notify affected third parties that their information has been compromised. It may also then have to deal with other financial fallout such as paying for credit monitoring for affected individuals and running a public relations campaign to restore their tarnished image (fairly or unfairly).
Double extortion isn’t even as bad as attacks can be. When using “triple extortion” ransomware, cyberattackers demand payment not only from the targeted company but also from that company’s clients.
And using ransomware is only one cyber extortion tactic. Carrying out Distributed Denial of Service (DDoS) attacks is another. In DDoS events, cyberattackers flood a system with traffic until it crashes by using multiple hijacked, connected machines—a “botnet”—against a single target. The botnet makes the targeted website or server unavailable to legitimate users, and the victim must pay ransom to stop the disruption.
Know the Cyber Extortion Prevention Best Practices
What can and should businesses do to reduce their risk of falling victim to cyber extortion? Here is some guidance to share with your clients.
- Educate and Train Employees
Don’t simply assume “everyone knows” about cyber threats. Provide regular training about cybersecurity. Employees who can identify how bad actors try to infiltrate computer systems—for instance, through such social engineering attacks as phishing emails—can be the first line of defense.
- Use Available Cyber Security Measures
Too often, businesses aren’t using simple security measures that could protect them. Be sure to:
- Use secure email gateways (SEGs) that check for malicious and suspicious content.
- Create strong passwords and use a password manager.
- Require multi-factor authentication (MFA)—identifiers beyond a username and password—for online access to data and computer systems.
- Turn on and use firewalls and anti-virus software.
- Install software updates and patches as they become available, and automate updates whenever possible.
- Create and Regularly Update Backups
Routinely backing up critical data, files, systems, and servers—in the cloud, and on physical devices off-site—can help companies recover from attacks more quickly, minimizing downtime and revenue lost due to business interruption.
Craft a Plan to Respond in Cyber Extortion Cases
Should cyber extortionists strike, businesses will need a skilled and experienced forensic IT (information technology) team. Computer forensics experts know how to determine what kind of cyberattack took place, and what data, if any, the attackers accessed, viewed, or exfiltrated (exported).
Traditionally, IT experts engaged in “dead box” forensics—imaging a machine or system, and examining its contents offline. As technology has evolved, forensics has shifted to focus more on what processes and programs are actively running in real time. Live system forensics bypasses hard drives and most encryption. It allows investigators to identify threats more quickly. This speed helps affected companies get back to business faster.
Before any cyber attacks occur, businesses should create a comprehensive incident response (IR) plan. Among other items, this plan should spell out who will contact forensics and other outside experts, and which ones. Having a thorough and readily accessible plan can make response and recovery faster, and saves businesses the stress of muddling through in the moment.
Get Cyber Extortion Coverage for Your Clients Through ProWriters
Carriers who offer Cyber Liability Insurance want the businesses they cover to have IR plans, and to follow best cybersecurity practices. These plans and practices make companies “good risks” who’ve taken proactive steps against cyber extortion.
This way, when the digital bullies show up demanding money, cyber extortion coverage can help. It will help cover the cost of paying ransom—which is, unfortunately, still sometimes the fastest way to get back to business.
Still, this coverage is only part of a strong Cyber Insurance policy. Cyber Insurance can cover the expenses of hiring IT forensic investigators, making up for revenue lost during a business interruption, notifying third parties affected in a data breach, and much more.
To find out how you can quote multiple Cyber policies from top carriers to your clients easily and effectively, schedule a call with a ProWriters representative online.
To find out more about cyber extortion and what your business clients can do to protect themselves from it, download our free eBook, Ransomware: The Front Lines.