Technological Extortion is on the rise with no end in site! From Ransom-Ware to Distributed Denial of Service (DDoS) Attacks, companies are finding themselves targeted and often don't know what to do!
Businesses and individuals have been extorted for centuries so that's nothing new, what's different is that it used to require some tough guys to come into your store or visit you at home and make you an offer that they felt you couldn't refuse! In the past you had some choices, pay the money, call the cops or get your own tough guys to make it too expensive or painful for the extortionists to bother you.
Today, most businesses don't have very many choices. Too often the bad guys are launching their scheme from the offices of a rouge nation like N Korea or Iran, from a data center in the country that doesn't have much fear or respect for the USA or even a cave half way around the world! We can't fight back because we have no clue who to punch, Law Enforcement doesn't have jurisdiction or the Extortion is too small to get Federal Attention. We are often left with few choices, pay, prepare as best we can before it happens and/or play damage control!
For Ransome-Ware, a good backup strategy and staff training will go a long ways toward helping to mitigate the risks.
For DDoS type threats, first try to not be part of the problem and have a good Anti-Virus and firewall solution in place to prevent your computers from being used against others! If you are threatened with a DDoS attack, contact either the Secret Service or FBI in your city, as not all threats originate overseas and your situation may be part of a bigger picture. Additionally, contact your Internet Service Provider (ISP) as soon as you are threatened to prepare them to be able to assist.
Law enforcement doesn't recommend that you pay the ransom for a number of reasons. First, paying encourages the bad guys to targeting other organizations. Second, if you pay you are at the top of the list the next time around to get re-targeted by the same low lifes. Lastly, the success of one group of criminals goes a long way to encourage more groups to get into the lucrative business!
For more information about DoS and DDoS attacks see the US Cert Security Tip: https://www.us-cert.gov/ncas/tips/ST04-015
By Leo Bletnitsky, President & Senior Consultant, LBA Networking, Inc.
