
Digital extortion: correct behavior before and after a cyber attack

Growing digitization and the increasing degree of networking in companies go hand in hand with high potential. Many processes can be automated, silos closed and synergies exploited. But where there is light, there is also shadow – and in the case of cybercrime, extorting ransoms in the digital space is an extremely lucrative business. The German Federal Criminal Police Office states that of all the modi operandi in the field of cybercrime, digital extortion – through so-called ransomware, also known as encryption or blackmail Trojans – has the highest potential for damage.

According to data from the digital association Bitkom, ransomware attacks in 2022 claimed as victims around 12 percent of the companies affected by cybercrime that year. Worse still, it has long since ceased to be only individual hackers with strong IT skills who put ransomware into circulation. Instead, the malware can be acquired in the form of so-called crimeware kits. In this way, criminals without IT expertise can assemble malicious programs on a modular basis and threaten companies.

How criminals use ransomware for cyber attacks and digital extortion

In the event of a ransomware attack on companies, system access is blocked and data is encrypted so that the company is virtually unable to act digitally. In addition to the company’s own data, this often puts the data of suppliers and partners at risk.

As with all malware and DDoS attacks, there are different ways in which cyber extortionists strike. In addition to infected software or movies that hackers post on the Internet for free download, phishing is a popular way to cause as much damage as possible to a company. Cyber criminals send out emails that look deceptively similar to those from reputable sources such as banks, online marketplaces or telecommunications providers and prompt recipients to download files or enter data.

Worse still: security vulnerabilities in official software products such as video players or desktop applications can also be used by cybercriminals to smuggle in ransomware – in this case we speak of so-called supply chain attacks.

Unsecured IoT devices also pose a great risk in the age of rapidly growing networking possibilities. For example, even the smallest infected devices, such as cameras, can cause great damage, as the malware can spread laterally from there across the entire network.

The so-called tech support scam is a great danger, especially for people with little technical knowledge. Under the pretext of providing IT support, cybercriminals gain remote access and then infect the computers with ransomware.

Detect cyberattacks: These can be clues

In terms of classification, cybersecurity experts essentially distinguish between two different types of ransomware. On the one hand, there are so-called screenlockers, which lock the screen, display extortion letters and make further actions on the part of the victim impossible. On the other hand, there are file encryptors that encrypt the data on the computer and take valuable files and folders “hostage”. The data is supposed to be released only in return for a ransom payment. What remains is the notice with the call for a ransom – a notice that victims cannot close on their own.

Effective safeguards to prevent digital extortion

The best protection against ransomware and the best way to prevent cyber extortion are regular updates, a comprehensive, holistic security solution, and security awareness training and continuing education for employees. Only if employees are aware of the current cyber threats and know which entry points hackers use can they actively prevent emergencies.

Are you being extorted? Correct behavior in an emergency

“Losing control of their own data can be just as damaging to business for small companies as it is for large ones. For example, if they can no longer access their own customer data, invoices or inventories, it doesn’t take long for small companies in particular to become insolvent. That’s why these companies in particular are often willing to pay the ransom sums demanded to the blackmailers in order to be able to resume operations quickly,” says Matthias Nehls, managing partner and founder of DGC.

The expert strongly advises against ransom payments. The digital association Bitkom also advises: “In the case of ransomware, the following applies: Attacks can be averted through technical precautions and employee training. And anyone who has up-to-date backups and draws up an emergency plan can at least significantly reduce the damage of a successful attack,” says Bitkom President Achim Berg. Under no circumstances should a ransom be paid, as this would in no way guarantee the release of the undamaged data and would also motivate perpetrators to carry out further attacks. True to the motto: “Who pays once…”.

Instead, companies that notice data encryption should disconnect the affected systems from the network as soon as possible and consult experts such as DGC. As part of a well-structured incident response management, “first aid” can then be provided directly, so that companies are quickly operational again and even better protected for the future.

Report cyber extortion: How to inform police and victims

If a company notices ransomware in its systems, it needs to act quickly. The BSI recommends that affected companies file a report with the police immediately.

Likewise, according to Article 33 of the General Data Protection Regulation (GDPR), a report must be made to the responsible supervisory authority. Employees must also be informed immediately in the event of an attack, as they must change their login data as quickly as possible.

First aid for digital extortion: Minimizing the impact of the attack with incident response

In addition to the agencies mentioned above, a cyber security expert such as DGC should be consulted immediately after the attack is discovered. As part of a comprehensive incident response service, the professionals provide support in disconnecting infiltrated devices directly from the network, identifying the malware that has been introduced and initiating appropriate countermeasures. Of course, the focus is on rapid data recovery and unlocking of the compromised systems.

Digital extortion: Our conclusion

Digital extortion in the form of ransomware has increased sharply in recent years. Thanks to technological progress, cybercriminals today do not even have to be IT professionals themselves, but can buy the malware as a perfidious “service” on the darknet. This is a great danger for companies, which makes important protective measures indispensable. In addition to intensive training of all employees, for example through regular security awareness training, and the use of a high-performance security solution, regular data backups should be standard. It is important that companies take a holistic view of cybersecurity – because security breaches always affect an entire ecosystem with all its participants – IT, employees and customers.

DGC provides support in this regard: “Whether monitoring vulnerabilities and IT infrastructures, effective attack monitoring and defense, or preventive emergency strategies: our concern is to create transparency and resilience in order to identify risks at an early stage and to secure networks and publicly accessible systems against hackers, malware, and data leaks,” summarizes DGC Managing Director Matthias Nehls.

After all, as perfidious as cyberattacks are, they can still be averted or limited in scope in the future with the right measures and the right prevention.
