Ransoming Online: The New Kidnap and Ransom

By Drew M. Smith

Vol.1 Oct. 2015

In the past when you thought of “ransom”, you often thought of people being held hostage and a demand of money for the captives to be released safely. Sadly, data is worth more than people in today’s world. The newest emerging threats are cyber thieves that continue to evolve ways to steal and gain access to data. Unfortunately, like many other breaches in the last year, cyber ransoming has rapidly become one of the largest instances of fraud and it is quite easy for them to pull off.

Cyber Ransoming occurs in essentially four steps:

1. Gain Credibility

First, through cyber phishing and spear phishing, the hacker will go through your publicly available information like websites, social media, press releases and legal filings. Through this they are looking for people, businesses, or associates that are close to you in order to build a legitimate relationship with you and gain your trust. They want you to go through to sites that will make you want to put your information in. E-mails like this come from places like Nigeria, Liberia and other countries pop up all the time asking for money, but they can also come from companies such as your bank, your credit card company, alumni associations or other supposedly credible sources. This is one of the ways they will get you to show information. In the APWG report for the first quarter of 2014, there were a reported 125,315 unique phishing attacks. That’s a 10% increase from the previous quarter in 2013 and the second highest in the first quarter in agency’s history.1

2. Convince you to allow them access to your information

After establishing this trust, the next step is to convince the victim to let them into the system. Most sensible people would not let any unknown person into the system, but these hackers having used their phishing attacks to look at your personal information can disguise themselves as someone you might know such as your CEO, your accountant, your credit card company or even your bank. In one recent example, an insurance broker received an email from a potential client that he had begun corresponding with. He opened the e-mail and the attachment; expecting it to be an application for insurance. What he got was a virus that latched itself onto his desktop and the hacker was in. Thanks to quick actions, the virus was limited to his computer and not the rest of the network. It does not have to be an e-mail either. A person could see a jump drive attached to a key chain on the ground, be the Good Samaritan pick it up and put it in their computer to find the owner and viola, easy access to the system.

3. Stealing and encrypting your information for money

After latching onto the computer, the virus will send a signal to the hacker and he inputs the code to lock or encrypt the computer itself. With the computer encrypted, the hacker would have the capability to access any files on the computer and makes sure you don’t. Worse is that with one computer hacked and or encrypted they can access other computers on the same network. You can create other files but they will be encrypted just the same. There is no way of purging this unless you pay the required ransom or purge the hard drive.2

4. Demand a Ransom

Once the files are encrypted, the hacker sends a message to the victim stating they need to give a certain amount of money in order to get the password to decrypt the computer. The amounts vary and so do the ways of dealing with it. They can range from as low as $350 to over seven figures in amount. The more disturbing thing is when these hackers do not ask for money. They would want the ransom in Bit Coins. This digital currency is untraceable, fluctuates in value and bypasses US Banking Controls. A Massachusetts police force was forced to pay this way after getting hacked via the Cryptolocker virus.3

Given the request is often for minimal amounts, often victims just pay the ransom. With the larger amounts especially in the millions, it can be extremely costly to get the servers freed up or purged of the virus. It all depends on the value of data breached. In the Ashley Madison hack, the hackers demanded the site shut down to keep the over 37 million names secret. When they didn’t, the names were released and the fallout is still being felt with several employees from a number of high profile companies being included in the breach.4

As we continue to be cyber connected, these cyber thieves will continue to find more creative ways in order to gain access and cause harm. These ransoms will continue to rise and become harder to trace. Some of these instances are insurable, and some are not. We suggest every company have a cyber check-up and speak with a licensed qualified cyber broker about how to best protect and insure your assets.

This article does not constitute legal advice and is the opinion of the author. Consult your attorney and licensed insurance broker before making any changes to company policy.


1http://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf
2For more information on the cryptolocker http://www.universityherald.com/articles/5199/20131026/crypto-locker-virus-new-aggressive-computer-virus-demands-ransom.htm
3http://www.theguardian.com/technology/2013/nov/21/us-police-force-pay-bitcoin-ransom-in-cryptolocker-malware-scam
4http://advisorhubinc.com/merrill-lynch-leads-ashley-madison-hack-stats-others-included/

Uncategorized, Risk Management, Insurance Articles, Privacy/Network Security, Professional Liability