Author: Enterprise Canada | Date: 24 September 2020
TORONTO, September 23, 2020 – When it comes to coercing people into parting with their money, cybercriminals seem to have an endless bag of tricks, but one of their favourites is extortion.
It’s important to remember that blackmailers don’t just stick to one scheme but will employ multiple methods of extortion to try to force victims into doing their bidding – be it paying them a handsome sum or even performing tasks on their behalf.
Here is a list of five ways cybercriminals can try to extort you:
Ransomware is by far one of the best-known examples of extortion employed by hackers around the globe. The basic premise is that your device will be infested by ransomware using one of the various tactics hackers employ, such as duping you into clicking on a malicious link found in an email, posted on social media or shared with you through a direct instant message.
After the malware makes its way into your device, it will either encrypt your files and won’t allow you to access them or it will lock you out of your computer altogether, until you pay the ransom. Some ransomware groups have begun using a form of doxing, where they go through your files looking for sensitive information and threaten to release it unless you pay an additional fee. This could be considered a form of double extortion.
You should never pay when faced with ransomware, but you should check if a decryption tool has been released for the ransomware strain that has infested your device. For additional advice on protecting against ransomware attacks, you can check out our excellent, in-depth article Ransomware: Expert advice on how to keep safe and secure.’
Hack and extort
The extortionist will infiltrate your device or online accounts, go through your files looking for any sensitive or valuable data, and steal it. Although it may echo ransomware in some respects, in this case, the breaking-and-entering of your device is done manually. The target then receives an email threatening to expose this data unless they pay up, listing examples for added effect.
To protect yourself, you should consider encrypting your data and adequately securing all your accounts using a strong passphrase, as well as activating two-factor authentication whenever it is available.
Sextortion relies on a threat of exposure of sexual material about the target. It can start as an apparent romantic dalliance through a dating platform, until the criminal gains their victim’s trust, convincing them to leave the platform for a regular messaging service. This is done to avoid triggering the security mechanisms dating apps use to detect potential scammers. Once off the dating platform, they will try to coax the target into sharing intimate photos or videos, which will then be used to blackmail the victim. Alternatively, hackers can opt for hacking a victim’s computer and hijack their webcam to secretly watch and even take salacious snapshots or voyeuristic videos of them.
Sending any kind of risqué photos to anyone is ill-advised, even someone you trust, since you can’t rule out that their devices or accounts won’t be compromised, and the sensitive photos leaked. Keep your devices patched and up-to-date as well as use a reputable security solution to mitigate the risks of being hacked.
While not sextortion per se, scammers also like to engage in scams that consist of bluffing, rather than having any damning evidence, to scare you into paying. This scam isn’t very sophisticated and consists of an email accusing you of visiting a pornographic website, with the fraudsters claiming that they have both a screen-recording of the material you watched and a webcam recording of you while watching it. Unless you want them to release the material you have to pay up. A good spam filter can help protect you against this type of scam.
Distributed denial of service attacks (DDoS) against businesses are not uncommon and are often deployed by cybercriminals to cripple their target’s ability to provide services. To boost their illegal income, they often offer their services on DDoS-for-hire marketplaces. During these attacks, cybercrooks use a large number of machines organized into a botnet to flood a target with requests, which leads to their systems crumbling under the onslaught, effectively taking them offline. Attackers can keep this up for days at a time, which could mean hundreds of thousands of dollars lost in revenue for some businesses.
Setting up a firewall that will block access to all unauthorized IP addresses and registering with a DDoS mitigation service can protect you from DDoS extortion schemes.