The new “double extortion” crime

George P. lives in Finland. Years ago, he went through a divorce and found out he had a terminal illness.

George was depressed and down on life. He knew he needed to talk to someone about what he was going through, so he visited a therapist.

He contacted a well-known company that operates over 25 offices in Finland.

During the therapy sessions, George shared details about his personal life and health issues.

Eventually, George felt he no longer needed to visit a therapist. But it wasn’t the last time he would hear from the company.

The company that operates the therapist’s office was attacked by hackers.

The company’s internal system was accessed, and data was stolen. This included data on 400 employees and information on 40,000 patients.

The stolen data included addresses, contact info, ID numbers and therapist’s notes.

At first, the hackers demanded a $400,000 ransom payment from the company. Next, the hackers demanded ransom payments from individual patients.

The hackers demanded payment from patients within 24 hours. If they didn’t pay, the hackers increased the ransom amount.

If the patients still didn’t pay the ransom, the hackers threatened to release the contents of their patient files, including the therapist’s notes.

The hackers claimed they would publish the data of 100 patients each day until the ransom was paid.

Eventually, the criminals released over 300 patients’ information including public officials’ data.

George said…

“The fact that someone, somewhere knows about my emotions and can read my intimate files is disturbing, but this also affects my wife and children. Somebody knows, for example, how they’ve reacted to my cancer.”

The ransomware attack against the therapy company was massive. But it also showed the hackers are no longer simply going after the company itself.

Instead, they are going after the patients and customers as well. This demonstrates an escalation in tactics by hackers.

More than 25,000 patients received threatening emails from hackers demanding ransom payments, and about ten patients paid the ransom.

This type of cyber-attack is often called a multi-extortion technique. The hackers tried to extort money from thousands of people, not just a single target.

This method of cyber-attack is growing more common because hackers can get a bigger payday.

That said, here are a few of the factors you need to be aware of that can make you a target of these types of cyber-attacks.

It’s about the money:

The most common motivation for hackers is monetary gain. Many hackers try to steal passwords and bank accounts to steal your hard-earned cash.

If hackers can’t get into your bank account, they might try to sell your data online. This could lead to criminals who want to use your information to steal your identity.

Lastly, hackers use stolen data to extort money. As the case above shows, the more people they can extort, the bigger the payday.

The most important thing you can do is to make sure your bank account passwords are secure and that you always use a VPN (virtual private network).

Politics:

The second most common factor motivating hackers is politics.

Also called hacktivism, some cybercriminals are trying to start a political revolution.

Most hacktivists try to express their opinions and create awareness.

And if you are involved in politics, or outspoken about your viewpoints, and fall afoul of a hacktivists political bend, you could be a target.

The good thing is that many hacktivists target terror groups or other criminals. But that’s not to say they never go after the good guys or even your local politics.

If you are involved in politics, you could be a target.

Inside threats.

Hackers can carry out their crimes from all over the world.

But, one of the ways that many people fall victim to cyber-attacks is from insider threats – in other words, the cyber-attack is personal.

These threats could be from co-workers, employees, vendors, contractors, or an ex-romantic partner.

Someone who knows you could be helping or could be carrying out a cyber-attack.

My point is, if you are the victim of a cyber-attack look at those who are around you. Is there a co-worker who was recently fired that has your personal information?

Remember the Sony cyber-attack in 2014?

It was started by a disgruntled employee. Be very leery of friends or co-workers that could be seeking revenge.

You should be updating your passwords and changing access each time an employee or friendship ends.

Cyber-attacks are more complex today than ever before.

But some things can make you an attractive victim for hackers.

Leave A Reply

Your email address will not be published.