Ransomware attacks have gained notoriety over the past few years. Breaches and hacks have resulted in increased employee cybersecurity training as well as the development of sophisticated access management tools. As technology adapts to new threats, malicious actors adjust their strategies. The FBI has identified a specific kind of ransomware that is now categorized as extortion. Here’s how you can tell the difference between a traditional ransomware attack and a targeted extortion attempt.
Characteristics of a Ransomware Attack
Organizations that have not experienced ransomware attacks still know about them. During an attack, an organization loses access to files and data. The organization must pay a ransom, typically in the form of bitcoin, to regain access. Ransomware victims are usually opportunistic targets. Their organization may have failed to update a security flaw, they might share a server with an infected hosting client, or they may have hardware with an easily exploited core processor. Whatever the case, hackers exploit the defect by casting a wide net. If your network has a flaw, then ransomware gains access. Ransom is typically a generic figure that varies little between victims, regardless of the organization’s or data’s value.
Characteristics of an Extortion Attack
The main difference between ransomware attacks and extortion attempts is the means through which the hacker identifies the victim. Victims are specifically targeted because of perceived or actual high-value digital assets. An event with this signature is considered extortion. Extortion attacks are rising and are poised to occur with greater frequency than traditional, opportunistic ransomware attacks. In addition to targeting based on value rather than access, hackers demand higher ransoms because the breach is of higher value.
Mitigation and Prevention
Mitigation efforts are more practical than preventive measures because preventive measures rely heavily on human perfection. One simple human error such as clicking on a suspicious link, clicking through a malicious ad, or unknowingly downloading an infected whitepaper can result in a system-wide ransomware attack that can easily become a global hack.
Some helpful mitigation strategies include out-of-region system backups, updated system and network security patches, and managed detection and threat response protocols.
Regardless of the attack signature, ransomware damages a company’s reputation and disturbs workflows. Bouncing back from an attack requires robust contingency plans.