Cyber extortion might sound like the stuff of a Hollywood script, but it is a reality that more and more businesses are facing. At risk in a digital extortion attack is not only a company’s reputation and data, but also its ability to function and even its very existence.
In 2014, the popular social networking site Meetup.com suffered a denial-of-service-attack (DDoS) which flooded the site with traffic to make it crash. According to Fox Business, the cyber criminal requested a meager $300 to end the assault, which Meetup refused to pay, fearing doing so would lead to bigger extortion demands in the future. The site was down for 24 hours as a result.
While Meetup was able to quickly recover from its attack, the one against code hosting and project management services company Code Spaces had a much different ending. SC Magazine reports the Code Spaces attack started as a DDoS, after which the hacker demanded a large, undisclosed sum. When the company tried to change its passwords in an attempt to limit and reverse damage, it discovered the hacker had gained deep access to its network control system and was deleting data and even offsite backups. The attack was devastating.
Code Spaces said in a post on its web site that “the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of ongoing credibility.” The company subsequently went out of business.
There is little consensus within the information security community on how to best deal with cyber extortion. A study by ThreatTrack found that only 30% of security professionals are willing to negotiate with cyber criminals, but that figure rises to 55% among those whose organizations have previously been cyber extorted.
Other cyber extortion attacks threaten to encrypt data on your network, and then only unencrypt it for a fee. Such was the case with the famous CryptoLocker ransomware, which was used in 2013 and 2014.
Strong IT security measures can make cyber attacks of all sorts, including cyber extortion, less likely, but nothing your company does will make you 100% safe. To think otherwise is simply naïve.
INSUREtrust recommends purchase of cyber liability insurance, which can mitigate the financial costs of a cyber attack. We have been cyber liability insurance experts for over 18 years, and every day we help large and small businesses obtain the right policies for their particular needs.
Internet insurance doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can be as little as $1000 for a $1 million policy limit.