Extortion is a common practice in the cyber criminal ecosystem

According to principal security firms, extortion, ransom and blackmail are pillars of illicit activities, and cyber criminals are adapting them to the cyber context.

Extortion is becoming a worrying trend in the cyber criminal ecosystem: the number of targeted attacks that demand money in exchange for suspending hostilities and giving back to the victims the abused resources is increasing significantly. Ransomware and DDoS attacks are the most common forms of attack; victims are informed of the ongoing activities and pressured by an incessant mafia-style extortion tactic that holds them hostage, paralyzing their services or making users’ data inaccessible.

“It sounds exactly like something out of the 1920s and the extortion racket. Now it’s being played out in cyberspace,” said Carl Herberger, vice president of security solutions at Radware, describing it as a new form of racket.

The main problem is that in many cases the attacks can have a serious impact on the business: a DDoS attack knocks a targeted website offline for hours or days, impacting millions of users. Cyber extortion is not a new concept; it has been carried out at various levels and by different kinds of actors, including small groups of criminals and international crime organizations such as the crime syndicate Russian Business Network (RBN). The Russian Business Network has long been known for botnets such as Storm, used in extortion activities against hosting services. In DDoS attacks aimed at extortion, the attackers flood the victim’s websites or web services, knocking them offline; the criminals then offer to stop the attack in exchange for a fee.

Recently, many companies have been hit by criminals for extortion. The social networking site Meetup.com was one of them: the criminals demanded $300 from the company’s CEO to stop the attack against its servers. Another case involves the company that manages the online project management software Basecamp; in this case too, the attackers opted for a DDoS extortion that shut down access to the official website.

Experts advise against paying any fee, to avoid further requests from criminals; despite warnings from law enforcement, many victims are paying to restore normality.

“What choice are companies left with that don’t have a lot of resources or time?” “The number is fairly non-objectionable to the victim so they just pay it. They are trying to get the victim to run a cost-benefit analysis in their head.” said Herberger. 

Insurance groups are also starting to take cyber extortion seriously; they basically handle the cases that could harm their customers’ business, causing loss of reputation and money.

The recent rise of ransomware has created serious problems for enterprises and government agencies; malware like CryptoLocker is specifically designed for cyber extortion purposes. A survey conducted at the  revealed that 41% of UK respondents who were infected by CryptoLocker claimed to have agreed to pay the ransom, a figure much larger than official estimates provided by Symantec (3%) and by Dell SecureWorks (0.4%). The average amount per infection is $300.

“Ransomware attacks grew by 500 percent in 2013 and turned vicious” according to the 2014 Internet Security Threat Report (ISTR), which proposes an analysis of the techniques adopted by cybercriminals to conduct sophisticated, as well as dangerous, cyberattacks.

Malware like CryptoDefense destroys the key if the ransom isn’t paid within one month; for this reason victims are scared by this malicious code.

It’s my opinion that attacks for extortion purposes will increase; I am afraid that they could also impact highly sensitive environments, but what could be an element of innovation in future strategies is the inclusion of blackmail within the sources of income.

Pierluigi Paganini 

(Security Affairs – Cyber Extortion, cybercrime)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
