In 1824, the Duke of Wellington received a letter from a publisher threatening to publish a memoir by his former mistress. The publisher offered to keep the Duke out of the book if he received a sum of money. The Duke reportedly sent the letter back with “Publish and be damned” scrawled on the back.
Fast forward hundreds of years later, extortion not only exists but is thriving. In fact, it has bled over to the digital world.
Over the last couple of years, cyber extortions have revolved around the most valuable aspect of the digital age – data. The first case of cyber extortion, as reported by Thomas Whiteside in his book Computer Capers, occurred in 1971 when two reels of magnetic tape belonging to a branch of the Bank of America were stolen at Los Angeles International Airport. The thieves demanded money for their return, but the ransom was not paid because tape backup was available but things have escalated since.
Cyber extortions have taken on multiple forms, all focused on data – encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data:
One of the reasons these attacks have grown exponentially is because of the availability of digital currency. Instead of having to deal with physical cash and paper trails, extortionists now benefit from anonymized digital transactions with Bitcoin. Anyone can set up a Bitcoin wallet address without any financial oversight, which means any cyber extortionist can carry out an attack and extract payment.
Is there anything that can be done to prevent cyber extortion? Quite simply, identify and categorize your data. Spend your efforts protecting the most critical data. The easiest way to do this is by moving your data to the cloud. Why? Because when your data is in a corporate approved cloud storage application, you’ll know exactly where it is versus being distributed across multiple endpoints, personal email accounts and internal servers in data centers. The combination of security from your cloud application vendor, and a cloud access security broker probably delivers better security than most organizations can for their internal data center.
As long as companies continue to pay ransoms when attacked, we should expect cyber extortion to continue for a long time.