Researchers Block Two Million Extortion Emails Daily
Users urged to beware attempts to steal and obtain cryptocurrency
Stay updated on cyber extortion trends: threats, prevention tips, and incident responses. Protect your data with the latest info on digital ransom tactics.
Search across headline titles and summaries.
Background for this topic.
Extortion is coercion through threats: an attacker demands money or another concession while threatening harm if the victim refuses. In cybersecurity, this commonly involves encrypting systems and demanding payment for recovery, stealing data and threatening to publish it (often called double extortion), or threatening service disruption. The threatened harm may be real, exaggerated, or based on data the attacker did not actually obtain; payment does not guarantee data deletion, secrecy, or restoration.
Security teams should treat an extortion demand as a potential incident: preserve evidence, isolate affected systems, determine whether data was accessed, and involve legal and privacy specialists where notification or regulatory duties may apply. Offline, tested backups can reduce leverage from encryption, but they do not address stolen information. Reviewing exposed remote services, credentials, and unpatched internet-facing systems can help contain the access path, while threat intelligence may help assess the attacker’s claims and identify related activity.
Users urged to beware attempts to steal and obtain cryptocurrency
Organizations can no longer rely on traditional responses to ransomware.
The innovative ransomware targets NAS devices, has a multitiered payment and extortion scheme as well as a flexible configuration, and takes a heavily automated approach.
Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. May 6th, 2022 is a recent example
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. [...]
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices.