So far in 2017, ransomware has been the star cyberattack, with two back-to-back incidents in recent months that were unprecedented in their size and scope. This malicious software encrypts files on computers and locks them until a ransom is received, usually in the form of bitcoin, an untraceable virtual cryptocoin. The now famous WannaCry attack affected about 230,000 computers, hitting hospitals and banks and reaching to the core of organizations and businesses. And a few weeks ago, European and US organizations were attacked by a new variant of ransomware called “GoldenEye / Petya”.
But ransomware is not the only form of extortion that threatens user security. There are indeed other attacks that cannot be described as ransomware even if they do seek a ransom from their victims.
Extortionware, a public menace
‘Doxware’ is a type of extortionware that uses data as leverage in a blackmailing scheme. Its name comes from the term ‘doxing’, the practice of posting stolen data that is sensitive in nature online. Attackers using doxware threaten to make public a company or individual’s confidential files, conversations, and data unless a ransom is paid. Because victims risk not only losing files but also suffering PR damage, the attack can be much more profitable for attackers. This was the case with the attack on Ashley Madison, a company that facilitated extramarital affairs. In this case, the company was also ordered to pay damages for the long list of security oversights that led to the attack.
Doxware’s strategy takes traditional ransomware and flips it on its head: instead of encrypting your data and making it inaccessible, it threatens to make it accessible to everyone. Doxware is considered a more sophisticated and lucrative form of ransomware due to the large sums it demands (and probably receives). In many cases these attacks are not reported for reasons of discretion.
Distributed Denial of Service (DDoS)
DDoS attacks essentially shut down online services by overloading them with traffic created by botnets. Attackers are able to threaten companies with this type of cyberattack if they refuse to pay the established “ransom”. The consequences of a DDoS attack are especially grave for ecommerce or for companies that offer their services exclusively online. In 2015, DDoS attacks were launched against ProtonMail, a Swiss company that offers an encrypted email service. Even though the company paid the bitcoin ransom, the attacks continued to bombard its servers.
It should be noted that DDoS attacks do not occur solely for the purposes of economic extortion. On occasion, attackers use denial of service attacks as a way to express political opinions and exert pressure on organizations. In 2011, for example, members of Anonymous launched attacks against PayPal, Visa and Mastercard servers after these companies refused to process donations to WikiLeaks.
How to minimize risk
To protect ourselves and our businesses from these threats, a good defense plan begins by constantly backing up data and performing updates in a timely manner. However, complete protection for a company also involves ensuring prevention and response to threats, revealing abnormal behavior before it can have adverse effects. The use of advanced cybersecurity platforms to detect suspicious behavior and trigger protection systems even before that behavior becomes malicious is essential.