Executive Extortion: The Evolution of Ransomware

By now everyone knows that ransomware is a real threat with real risks to businesses of all sizes. What you may not know is that hacking techniques are evolving and ransom payments are going up. ZDNet reports a new trend where cybercriminals directly target the computers of top executives at small and mid-sized companies. Executive computers are much more likely to contain sensitive information about the company as well as personal information that a CEO would not want to see on the internet. Gaining access to these computers is highly valuable for pressuring management into approving high-dollar ransom payouts, which means that executives are even more of a target and should consider taking extra steps to secure their information. 

Cybercriminal groups are well aware that small and mid-sized businesses have generally not implemented cybersecurity best practices. This makes SMBs easy to infiltrate and allows cybercriminals to spend an average of 200 days inside a network undetected. While in the network, they can sift through executives’ files and emails in order to exfiltrate data that might be useful in threatening, embarrassing, or putting pressure on a company’s management. Cybercriminals might find proprietary company data, financial numbers, or compromising personal information and threaten to post them to online leak sites. They might also plan to disclose the data breach to authorities, which causes reputational damage and may also incur a fine from regulators. 

By now every business needs to conduct a cybersecurity assessment to understand their largest vulnerabilities. TechMD recommends following the NIST Cybersecurity Framework and the CIS Top 20 Controls. In the meantimehere are a few simple steps that every executive can take right now to protect themselves from cybercriminals:

1) Use complex and unique passphrases on your accounts 

Because trying to come up with and remember unique passwords for hundreds of different accounts is impossible, most people use one simple password for everything. However, this presents a huge security vulnerability: cybercriminals can easily breach accounts via brute force (working through a list of commonly-used password combinations) or find passwords in one data breach and reuse it to compromise unrelated accounts (since the password is likely to be identical). 

To address this issue, we recommend creating complex passphrases instead of a passwords. Passphrases are long strings of words that are easy to remember but hard to brute force—an example might look like George loves breakfast!”We also recommend using a password manager like LastPass or Dashlane to generate complex passwords and store them for you. This combination of a single master passphrase to access your password managers and automatically-generated complex passwords for all your other accounts should keep you safe from most simple password breach attempts. 

2) Set up Two-Factor Authentication on everything 

Even if you have a strong passphrase and unique passwords across all your accounts, you’re still vulnerable to a third-party suffering a data breach and releasing your information. To combat this, it is critical to enable Two-Factor Authentication (or 2FA) on all your accounts. 2FA works by creating an extra layer of security by validating your logins with a text message or app prompt on your smartphone. 

Symantec recently published a study that showed that two-factor authentication could have prevented over 80% of all account compromises. This makes 2FA one of the single most important things you can do to protect yourself and your business from cybercriminals. To see 2FA in action, you can check out our recent One-Minute Wednesday on how to get started with two-factor authentication. 

3) Understand how to identify and avoid phishing scams 

Phishing is a common cyberattack where a cybercriminal sends an email that looks like it’s from a legitimate institution or company in order to trick the recipient into divulging personal information, wiring money to an offshore account, or install malicious softwarePhishing emails usually mimic the logos, web addresses, and language from real companies in order convince you that the email is legitimate. Phishing emails can also be highly targeted—cybercriminals often do background research and send extraordinarily specific emails that appear to be from clients or close associates, which include information that you wouldn’t expect anyone else to know. 

Here are a few things to keep in mind about phishing: 

  1. Never click on links or open attachments from suspicious-looking emails, especially if they are asking you to enter login credentials. 
  2. Keep an eye out for unusual requests or other odd features about an email. Common phishing tactics include sending emails from a “personal email” because the sender is “locked out” of their work address, instilling a sense of urgency or claiming an emergency in order to bypass the recipient’s natural suspicion, and claiming to be too busy to discuss the email further or clarify the request. 
  3. If you’re not sure that an email is legitimate, always reach out to the sender directly. Call them to confirm they sent the email, or ideally discuss it with them in person. 

Stay Safe! 

Executives and management teams are increasingly the targets of highly sophisticated cybercriminals. If you’re in a high-level position in your organization, it’s critical that you take extra caution when it comes to cybersecurity. 

However, it’s not enough to protect yourself if your business doesn’t also have a robust cybersecurity strategy in place. The best way to find out how secure your business is today and get the best ROI on your cybersecurity spending is to perform a Security Maturity Level Assessment (SMLA). Developed to follow the globally-recognized NIST Cybersecurity Framework, the SMLA provides a big-picture look at your business’ cybersecurity along with specific, detailed recommendations about how to improve. 

If you have any questions, feel free to contact TechMD or check out our managed cybersecurity page! 


Subscribe to TechMD Insights

More Posts

Skip to content