Cyber extortion is a growing threat. We have talked a lot about ransomware being used for extortion, but it is not the only means of cyber extortion.
Most ransomware attacks are random. Anybody who accidentally falls into the trap has to pay a ransom. There are attacks that are carried out in an extremely planned manner. Cyber criminals can team up to execute their malicious intent successfully. The intent could be extortion, terrorism, revenge, or bringing down the competition. Hackers can use legitimate tools, including malware in combination with social engineering, to carry out such attacks. Sometimes these kinds of attacks are termed as advanced persistent threats (APT) attacks. Here, we will be talking about APT attacks that deal with cyber extortion. We will also talk about other tools that are involved in cyber extortion.
Data is as precious as gold today. Your personal pictures, videos, your documents, salary slip, is the data you care about. If you work in a software company, the source code is the most confidential data for your company. If you are a banker, the records of your customers are something you need to keep secret. For hospitals, records of the patient are highly critical. Hackers always look out for an opportunity to hijack these kinds of data and cash in on the opportunity to extort in return for the data. Ransomware is one way of hijacking data. Another way is stealing the data and threatening to leak it if the ransom is not paid on time. This kind of attack can be called a data theft attack.
There are businesses that are highly dependent on their services hosted online. It's important that their servers are up and running smoothly during their business hours. Stock markets and casinos are examples of such institutions. They are businesses that deal with a huge sum of money and they expect their servers to work properly during their core business hours. Hackers may extort money by threatening to take down or block these servers during these hours. Denial of service (DoS) attacks are the most common methodology used to carry out these kinds of attacks.