When it comes to coercing people into parting with their money, cybercriminals seem to have an endless bag of tricks to choose from. There are some tricks, that they favor more than others, one of which is extortion. According to the FBI’s latest Internet Crime Report, US victims of extortion lost some US$107.5 million to these crimes last year.
One thing to keep in mind is that blackmailers won’t just stick to one trick but will employ multiple flavors of extortion to try to force their victims into doing their bidding – be it paying them a handsome sum or even performing tasks on their behalf.
Ransomware is by far one of the best-known examples of extortion employed by hackers around the globe, with targets ranging from companies, through governments to individuals. The basic premise is that your device will be infested by ransomware using one of the various tactics hackers employ, such as duping you into clicking on a malicious link found in an email or posted on social media or shared with you through a direct instant message.
After the malware makes its way into your device: it will either encrypt your files and won’t allow you to access them, or it will lock you out of your computer altogether, until you pay the ransom. It is also worth mentioning that some ransomware groups have added a new functionality; a form of doxing wherein they traverse your files looking for sensitive information, which they will threaten to release unless you pay them an additional fee. This could be considered a form of double extortion.
Before wondering whether to pay or not, you should check if a decryption tool has been released for the ransomware strain that has infested your device; also, the answer is: don’t pay. For additional advice on protecting against ransomware attacks, you can check out our excellent, in-depth article Ransomware: Expert advice on how to keep safe and secure.
Hack and extort
The title is pretty much self-explanatory, but to make things abundantly clear, the extortionist will infiltrate your device or online accounts, go through your files looking for any sensitive or valuable data,and steal it. Although it may echo ransomware in some respects, in this case, the breaking-and-entering of your device is done manually and the cybercriminal will have to invest time and resources into doing so. Well, unless your password was part of a large-scale data breach, in which case the effort put insignificantly drops. The successfully targeted individual then receives an email in which the criminal tries to coerce the intended victim into paying by threatening to expose this data, listing examples for added effect.
To protect yourself, you should consider encrypting your data and adequately securing all your accounts using a strong passphrase, as well as activating two-factor authentication whenever it is available.