
Ransomware and Cyber Extortion: Response and Prevention

Feb 17, 2025 · 21 min

Episode description

This episode is based on the book titled "Ransomware and Cyber Extortion: Response and Prevention," which provides a comprehensive guide to understanding, responding to, and preventing ransomware and cyber extortion attacks. The book details the evolution of these attacks, including the technological advancements and business models employed by cybercriminals. It offers practical guidance on negotiation strategies, ransom payment processes, and data recovery methods. Furthermore, the book emphasizes the importance of proactive cybersecurity measures, such as implementing strong security programs, employee training, and robust monitoring systems. Finally, it includes checklists and real-world case studies to illustrate key concepts and best practices.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cyber_security_summary

Get the Book now from Amazon:
https://www.amazon.com/Ransomware-Cyber-Extortion-Sherri-Davidoff/dp/0137450338?&linkCode=ll1&tag=cvthunderx-20&linkId=fa7aef95c35bad48fc5a0f0f3dc1acea&language=en_US&ref_=as_li_ss_tl




Discover our free courses in tech and cybersecurity, Start learning today:
https://linktr.ee/cybercode_academy

Transcript

Speaker 1

Welcome to our deep dive. And today we're going to be looking into cyber extortion, specifically ransomware, and we're going to be using excerpts from the book Ransomware and Cyber Extortion Response and Prevention to kind of guide our exploration. Sounds interesting. Yeah, it's pretty wild actually. I mean some of these stories are just crazy. For instance, right out of the gate, they open with this story about this law firm and they got a voicemail from hackers demanding one point two million dollars. Oh, and these hackers had stolen five hundred gigabytes of data, client files, payroll, EHR records, you name it.

Speaker 2

They took it and then they encrypted it.

Speaker 1

Oh yeah, encrypted everything totally unusable.

Speaker 2

So how much did it end up costing them? I mean, besides the one point two?

Speaker 1

Well, that's the thing. The financial impact can be really crippling. It's not just the ransom, it's business disruption, potential lawsuits from clients whose data was compromised, oh, legal fees, the cost of recovering the data, implementing new security measures to prevent future attacks. It all adds up, it really does. And actually, the average cost of a ransomware attack in twenty twenty one was one point eight five million dollars.

Speaker 2

Oh really, Yeah, so that's just the average.

Speaker 1

Yeah, and that doesn't even include data breaches. If there's a data breach involved, that number goes up to four point sixty two million. Wow. Yeah, it's pretty scary stuff. But it gets even worse. These hackers, they didn't just encrypt the data. They threatened to contact the law firm's clients directly and leak sensitive information if the ransom wasn't paid. Oh wow. So you can imagine the kind of panic that would cause.

Speaker 2

Yeah, that's crazy.

Speaker 1

So before we go any further, I think we should define what cyber extortion actually is. The book outlines four main categories: exposure, modification, denial, and faux. Okay, so exposure, like in the case of the law firm, involves stealing data and threatening to release it publicly. Modification, on the other hand, is when hackers actually change your data, like maybe changing financial records or tampering with sensitive information for their own gain.

Speaker 2

That's scary because even if you could restore your data from a backup, you would never be totally sure that it was accurate. Exactly.

Speaker 1

And that could lead to some serious legal and reputational issues. Then there's denial, which is basically about shutting down your operations completely, so like ransomware that encrypts your whole system, or you know those DDoS attacks that flood your website with traffic and knock you offline. So that's why it's so important to have really good backup and recovery strategies.

If you have a plan in place to restore your systems quickly, you can at least minimize the impact of a denial attack.

Speaker 2

That makes sense.

Speaker 1

Yeah, it's kind of like having a spare tire in your car. Hopefully you never need it, but when you do, you're really glad you have it. And then finally there's faux, which is more of a deceptive tactic. It might look like a serious attack, but in reality it's more of a distraction, maybe to divert your attention while something else is going on in the background.

Speaker 2

So you have to be really careful to figure out what's really going on.

Speaker 1

Yeah, you don't want to jump to conclusions. We got to take the time to understand the nature of the attack and what the attacker's real motives are.

Speaker 2

Like solving a puzzle exactly.

Speaker 1

Okay, because we've got the different types of cyber extortion down. But why is this such a huge problem? I mean, it's not like these attacks are new, right?

Speaker 2

Well, you're right, cyber extortion has been around for a while, but there are a couple of things that have changed recently that have made it much more profitable for criminals.

Speaker 1

I have a feeling I know where this is going.

Speaker 2

Cryptocurrency. You got it. Especially Bitcoin. It's been a game changer for cyber criminals.

Speaker 1

How so?

Speaker 2

Well, it provides a way to get paid that's almost impossible to trace, and it's irreversible, so it's like.

Speaker 1

The perfect payment system for criminals pretty much. So you've got desperate victims willing to pay to get their data back, a payment system that makes it nearly impossible to track the criminals, and the potential for huge profits. It's no wonder this has become such a widespread.

Speaker 2

Issue, exactly. And what's even more concerning is that it's not just a few lone hackers working out of basements anymore. Oh really? Yeah, it's become much more sophisticated. Cyber extortion is now an industry with a well defined business model.

Speaker 1

So like digital organized crime.

Speaker 2

Basically, these cyber extortion groups operate just like any other criminal enterprise. They have specialists for every stage of the attack.

Speaker 1

I actually read about that in the book. It's kind of fascinating in a disturbing way to see how organized they are.

Speaker 2

Yeah, tell me about it.

Speaker 1

So you've got your initial access brokers. They're like digital lock picks, stealing login credentials and selling them to the highest bidder.

Speaker 2

And then you've got the ransomware developers.

Speaker 1

Right, the masterminds behind the malicious software. And then of course you've got the negotiators. They handle the ransom demands, often using psychological tactics to pressure victims into paying.

Speaker 2

Wow, so they really have thought of everything.

Speaker 1

Yeah, and then you've got money launderers. They're responsible for cleaning the dirty money.

Speaker 2

It really is like a well oiled machine.

Speaker 1

It is, and it's pretty scary to think that there are people out there whose only job is to figure out how to exploit weaknesses and extort money from innocent people and businesses. Do you remember that group, The Dark Overlord, TDO? Yeah, vaguely, you were back in twenty sixteen. Yeah, okay, they were one of the first to combine ransomware with data exposure.

Speaker 2

What does that mean?

Speaker 1

Well, they didn't just encrypt data. They stole it and threatened to release it publicly if they didn't get paid. Oh wow. And they targeted everyone, businesses, individuals, even a school district in Iowa.

Speaker 2

What did they do to the school?

Speaker 1

They not only encrypted their systems, but they sent threatening text messages directly to the parents. Oh my gosh, Yeah, it's awful. Imagine being one of those parents.

Speaker 2

I can't even imagine.

Speaker 1

It really shows how these attacks can have a huge impact on individuals, not just organizations. Yeah, scary. And sadly, TDO's tactics were just the beginning. What do you mean? Well, they paved the way for even more sophisticated groups like Maze. What did they do? Well, they kind of took this double extortion model to the next level. The book talks about how they attacked Southwire. They're cable manufacturers, okay, and Maze demanded six million dollars from them, and when Southwire refused to pay, what happened? They dumped all the data they had stolen online. So it's not just about getting the ransom anymore, it's about causing as much damage as possible and exploring every avenue for profit.

Speaker 2

It makes it so much harder to decide whether to pay the ransom or not.

Speaker 1

It really does. But how do these attacks even happen in the first place? What's the most common way these criminals get in?

Speaker 2

Well, one word comes to mind, phishing.

Speaker 1

You mean those emails that try to trick you into clicking on links or downloading infected attachments, exactly.

Speaker 2

And while some of them are obvious, others are really sophisticated, designed to look like they're from your bank or a store you shop at, or even your own coworkers. Wow, and just one click can give them access to your whole system, So like a digital trojan horse pretty much.

Speaker 1

And once they're in, that's it.

Speaker 2

Well, not necessarily, but to understand how to prevent these attacks, you need to understand how they work. The cyber attack kill chain. The kill chain, it's basically a series of steps that attackers usually follow.

Speaker 1

Okay, So what's step one.

Speaker 2

Entry That's how they get into your system in the first place. Like we said, it could be through a phishing email or maybe by exploiting a weakness in a remote access system.

Speaker 1

Okay, So they're in What's next expansion.

Speaker 2

That's where they move through your network, stealing credentials, disabling security software, basically trying to get as much control as possible.

Speaker 1

Like digital spies exactly. So what happens once they have control.

Speaker 2

That's when they move onto the priming stage. This is where they identify high value targets, steal data, and get ready for the main event, which yes, detonation. That's when they unleash the ransomware, encrypting files and demanding a ransom to restore access.

Speaker 1

And by this point they've already stolen data, so even if you pay the ransom, you're still at risk of having that data leaked.

Speaker 2

Exactly.

Speaker 1

It's a double whammy. Actually mentions this veterinary clinic that got hit by ransomware. Oh no. And you want to know how it started? How? A phishing email disguised as a shipping notification.

Speaker 2

Oh those are so easy to fall for.

Speaker 1

I know, right, you're expecting a package, you see that email and you just click without thinking. It's so sneaky, And that's exactly what happened to the receptionist at the clinic. Oh no, she clicked the link and ransomware Wow, it spread through their whole network.

Speaker 2

It's amazing how easily it can happen, it really is.

Speaker 1

So what happens if, despite our best efforts, we find ourselves in the middle of a ransomware attack? What do we do?

Speaker 2

That's where incident response comes in. Having a plan in place before an attack is crucial, so like.

Speaker 1

A fire escape plan, but for our data exactly. So what does that look like?

Speaker 2

You need to know who's in charge, how to communicate, what your insurance covers, and most importantly, how to make decisions quickly under pressure.

Speaker 1

Because every second counts. Exactly. The longer they're in your system, the more damage they can do.

Speaker 2

A good incident response plan should have steps for containment, investigation, and recovery.

Speaker 1

Okay, So containment sounds like damage control, right, What does that involve?

Speaker 2

Basically stopping the bleeding, halting the encryption, preventing any more data from being stolen, resolving any denial of service attacks, and locking the attackers out of your systems.

Speaker 1

So basically kicking them out exactly. Okay, and then what about investigation.

Speaker 2

That's about understanding how bad the attack is, who are the attackers, how did they get in, what data did they take. We need to know those things to be able to stop the damage and prevent future attacks.

Speaker 1

Okay, and then there's recovery, right, getting things back up and running.

Speaker 2

Yeah, restoring your data and rebuilding your defenses.

Speaker 1

That sounds like a lot of work.

Speaker 2

It can be. It's not just about restoring data from backups. It's about rebuilding trust with your customers and reviewing your security practices.

Speaker 1

Okay. So let's say we've done everything right. We've got a great incident response plan, but we still end up with a ransom demand. Do we pay? Do we fight?

Speaker 2

That's a tough question, it is. There are pros and cons to both.

Speaker 1

The book actually talks about a company that was hit by a group called Twisted Spider. Okay, and Twisted Spider was known for targeting companies with good cyber insurance policies. Oh wow, Yeah, they were really sophisticated. They did their research, they knew who to target.

Speaker 2

So what happened to this company?

Speaker 1

Well, their cyber insurance ended up paying a six hundred thousand dollars ransom.

Speaker 2

Wow.

Speaker 1

Yeah.

Speaker 2

Does that mean it's a good idea to pay?

Speaker 1

That's a tough question. Yeah, it raises a lot of ethical questions like does paying the ransom just encourage more attacks? Does it make cyber insurance less effective?

Speaker 2

Yeah? Those are good questions.

Speaker 1

Yeah, there are no easy answers. And even if you do pay, there's no guarantee that you'll get your data back. Really? Yeah, you're basically trusting criminals to keep their word.

Speaker 2

That's risky, it is.

Speaker 1

And even if they do give you a way to decrypt your data, there's no way to know if they've left something behind, like what like some kind of malware or a back door that lets them back in later.

Speaker 2

Oh wow, So you could end up paying and still be in trouble.

Speaker 1

Exactly, And even if you do manage to recover your data, the damage isn't over.

Speaker 2

What do you mean?

Speaker 1

Well, the book talks about the long term consequences of a cyber extortion attack, like what like damage to your reputation, oh, lawsuits, regulatory investigations, and the ongoing cost of improving your security.

Speaker 2

It's like a digital hangover that can last for years.

Speaker 1

It really is. So I guess the big question is what's the most important thing our listeners should take away from all of this?

Speaker 2

Well, I think the most important thing is that prevention is key. The best defense against cyber extortion is a strong cybersecurity.

Speaker 1

Program, and how do we do that?

Speaker 2

Well, that's what we're going to talk about in part two. Tune in. Welcome back to our deep dive on cyber extortion. Last time, we talked about how scary these attacks can be, but now we're going to shift gears a bit and talk about how to fight back.

Speaker 1

You're hearing all those real world examples in part one. I was all ready to throw my computer out the window.

Speaker 2

I know it can be overwhelming, but the good news is there are things you can do to protect yourself. Okay, good and you don't have to be a tech expert to do them.

Speaker 1

So what's the most important thing?

Speaker 2

Multi factor authentication. It's an extra layer of security for your online accounts.

Speaker 1

So it's like instead of just a username and password, yeah, you need something else too, like a code from your phone or a fingerprint scan.

Speaker 2

Exactly. That way, even if someone gets your password, they still can't get into your account.

Speaker 1

Okay, So multi factor authentication is a must.

Speaker 2

Absolutely. As well as strong, unique passwords for every account.

Speaker 1

I know, I know, I know it's a pain, it is, but it's so important.

Speaker 2

Because if one account gets compromised, they can get into all of them exactly. Okay, So how long should a password be?

Speaker 1

At least twelve characters, uppercase and lowercase letters, numbers, and symbols.

Speaker 2

Okay, and no birthdays or pet names. But how am I supposed to remember all of those passwords?

Speaker 1

That's where a password manager comes in.

Speaker 2

Okay, what's that?

Speaker 1

It's basically a digital vault that stores all your passwords for you. You just have to remember one master password to unlock the vault.

Speaker 2

Okay, that makes sense.

Speaker 1

And most password managers can even generate strong passwords for you so you don't have to come up with them yourself.

Speaker 2

Okay, so password manager is on the list too, definitely. What else?

Speaker 1

Be careful about phishing emails? Remember those are one of the most common ways attackers get in.

Speaker 2

So how can we avoid falling for them? Always double check the sender's email address, look for misspellings or anything that seems off, and hover over links before you click on them to see where they really go.

Speaker 1

Oh that's a good tip.

Speaker 2

Yeah, And never open attachments from people you don't know, okay, And if something feels weird, just don't click.

Speaker 1

Trust your gut exactly. What about software updates? Those are so annoying, I know, but they're important. Why.

Speaker 2

They often include security patches that fix vulnerabilities.

Speaker 1

So if I don't do them, I'm leaving myself open to attack.

Speaker 2

Basically, it's like leaving your front door unlocked.

Speaker 1

Okay, no more procrastinating on updates. Good? What about backups?

Speaker 2

Backups are your lifeline if something goes wrong, if your data gets encrypted or stolen, a backup can save you.

Speaker 1

It's like having an extra copy of everything just in case. Exactly. So how often should we back up?

Speaker 2

Regularly. And store your backups in a separate location like an external hard drive or a cloud storage service, and make sure you test your backups regularly to make sure they're working properly. Yeah, you don't want to find out they're not working when it's too late.

Speaker 1

Okay. So we've covered strong passwords, multi factor authentication, phishing awareness, software updates, and backups. Is that everything?

Speaker 2

It's a good start, But for larger organizations they need a more comprehensive approach, like what Well, they need to think about cybersecurity as a multi layered system. Okay, So the first layer is knowing what you need to protect what data is most important? Where are the points in your systems?

Speaker 1

Okay, so like taking inventory? And then what? Then you need to put security controls in place, like firewalls to block unauthorized access and intrusion detection systems to monitor for suspicious activity. Okay, and you need to make sure your employees are trained on cybersecurity best practices.

Speaker 2

So it's not just about the technology, it's about the people too, exactly, because people make mistakes.

Speaker 1

Everyone does.

Speaker 2

So what's the best way to train employees?

Speaker 1

Well, there are lots of options. You can have in person training, online courses, even simulated phishing attacks so you could see how they would react in a real situation exactly. Okay, so training is important, it is. But what if all of this is just too much for a company to handle on their own.

Speaker 2

That's when you might want to think about hiring a cybersecurity.

Speaker 1

Professional like a consultant.

Speaker 2

Yeah, they can help you assess your risks and develop a security program that's right for your organization.

Speaker 1

Okay, that makes sense.

Speaker 2

And they can also help you respond to an attack if one happens.

Speaker 1

Because even with the best defenses in place, some attacks are still going to get through. That's right. So incident response is still important absolutely. What does a good incident response plan look like?

Speaker 2

It should outline clear roles and responsibilities, communication protocols, escalation procedures, and steps for containment, investigation, and recovery.

Speaker 1

So it's like a roadmap for dealing with an attack exactly, and it needs to be tested.

Speaker 2

Regularly, right, just like a fire drill.

Speaker 1

Okay, so we've covered a lot of ground we have. Can you give us a quick recap of the key takeaways?

Speaker 2

Sure, use multi factor authentication, strong passwords, be careful about phishing emails, keep your software updated, have a good backup system, and consider hiring a cybersecurity professional.

Speaker 1

That's a lot to remember.

Speaker 2

It is, but it's all important.

Speaker 1

I think the most important thing is to be aware of the risks, I agree, and to take steps to protect yourself absolutely, and to remember that you're not alone.

Speaker 2

That's right.

Speaker 1

There are resources available to help. Exactly. So don't be afraid to ask for help. Welcome back to our deep dive. It's the final part. And we've talked about how these attacks work and the people involved and how to protect ourselves. Now I kind of want to talk about what happens after an attack. Even if you get your data back, what are the long term effects?

Speaker 2

Yeah, that's important. I think people often overlook the psychological impact. Oh yeah, on both individuals and organizations.

Speaker 1

Right, it's not just about systems and data. It's about trust and reputation and that feeling of violation, like having your personal space invaded. Even if nothing is physically stolen, you still feel vulnerable.

Speaker 2

Yeah, you feel exposed.

Speaker 1

And in the digital world it's even worse because your data is out there and who knows what these criminals are going to do with it.

Speaker 2

It's a loss of control and that can be really unsettling.

Speaker 1

The book talks about this school district that was attacked. Oh yeah, and not only did they encrypt their systems, but they stole sensitive student data, medical records, discipline files. Oh wow, it's awful. That's terrible because it's not just about the organization anymore. It's about these kids, right, and their information could be used for identity theft or blackmail.

Speaker 2

It puts the school in a terrible position.

Speaker 1

It does. Do they pay the ransom and risk funding criminal activity, or refuse to pay and risk having their students' data leaked?

Speaker 2

There are no easy answers.

Speaker 1

There aren't.

Speaker 2

It's a really complex ethical dilemma.

Speaker 1

And then there's the legal side of things. Data breaches, reporting requirements.

Speaker 2

It's a minefield. It is a lot of places have laws that require organizations to report data breaches, So.

Speaker 1

If you don't report it, you can get in trouble.

Speaker 2

Big trouble, fines, lawsuits.

Speaker 1

And of course damage to your reputation.

Speaker 2

And even if you're not legally required to report a breach, it might still be the right thing to do ethically, especially.

Speaker 1

If it involves sensitive personal information.

Speaker 2

So transparency is important.

Speaker 1

It is.

Speaker 2

It's about being honest with the people who were affected.

Speaker 1

And taking responsibility.

Speaker 2

But even if you do everything right, there's still going to be some damage.

Speaker 1

That's true.

Speaker 2

Cyber extortion can really hurt a company's reputation.

Speaker 1

Yeah, it could make it hard to win back customer.

Speaker 2

Trust, and it can have a big impact on their finances.

Speaker 1

That's why incident response is so important.

Speaker 2

It's not just about recovering from the attack. It's about managing the public relations fallout exactly. You need to communicate effectively, address people's concerns, and show that you're learning from your mistakes.

Speaker 1

It's about regaining control and rebuilding trust.

Speaker 2

What about law enforcement? Are they doing anything to catch these criminals?

Speaker 1

Oh yeah, law enforcement agencies all over the world are working on this. Are they making any progress?

Speaker 2

They are, But it's tough. These criminals are often in countries with weak cyber crime laws.

Speaker 1

Or where they're protected by corrupt officials exactly. So it's an uphill battle, it is.

Speaker 2

But there have been some big wins, some high profile arrests, takedowns of major ransomware gangs.

Speaker 1

The book mentioned some new strategies. They're using cryptocurrency tracing, oh and sanctions.

Speaker 2

Yeah, they're trying to cut off the flow of money.

Speaker 1

Is it working?

Speaker 2

It's hard to say. It's still early, but it's a step in the right direction.

Speaker 1

So what's the future of cyber extortion? Is it just going to keep getting worse?

Speaker 2

I don't think so. I think we're making progress. Well. More and more people are aware of the threat. That's good, and companies are investing more in cybersecurity, and law enforcement is getting better at catching the criminals.

Speaker 1

So there's hope. There is. That's good to hear. So just to recap, cyber extortion is a serious problem, but it's not insurmountable. Prevention is key, have a plan in place, understand the risks, and remember that knowledge is power. I agree, the more we know about cyber extortion, the better we can protect ourselves and our businesses. Exactly. And that wraps up our deep dive into the world of cyber extortion. We hope you found it informative and maybe even a little bit empowering. Remember, stay vigilant, stay informed, and stay safe out there and join us next time for another deep dive into a fascinating and important topic.
