Ransomware and Extortionware: What’s the Difference?
Though the Internet boom of the last twenty years has proven to be positive in many ways, there are also some drawbacks. In particular, this technological advancement has also created an explosion of...
Though the Internet boom of the last twenty years has proven to be positive in many ways, there are also some drawbacks. In particular, this technological advancement has also created an explosion of Internet hacking, including new forms of cybercrime such as accessing and downloading sensitive data from victims’ computers for blackmail purposes.
Ransomware and extortionware are the two specific types of illegal activities that are becoming more common. Though ransomware is a problem many businesses and individuals alike have faced in the past, extortionware is a relatively newer form of hacking that is quickly gaining in popularity among the criminal elements in society.
You need to know what each threat is and how they can be avoided in order to properly protect your business from these sorts of criminal activities.
What is ransomware?
Ransomware, also known as “data kidnapping,” is a virus that hackers download to the user’s computer. The ransomware virus usually attacks a computer in one of three ways:
- Stealing sensitive data
- Denying the user access to a common app such as an internet browser
- Locking down the user’s computer
Once the ransomware virus infects your system, the hacker will demand some form of compensation from the victim, usually in the form of cash. The computer will not be restored to its original state until the criminal’s demands are met.
A recent example of ransomware is CryptoLocker, which targeted users in Australia. Hackers sent CryptoLocker using email, claiming to be failed package delivery notices from the Australia Post Office. Victims were directed to a web page where they had to enter a CAPTCHA code, and from there the Trojan Virus was downloaded. Thousands of people in Australia fell prey to this ransomware virus in the fall of 2014.
What is extortionware?
Extortionware is the riskier and more profitable hack compared to ransomware. This can be particularly lucrative for criminals who target larger companies. When businesses or individuals are threatened by extortionware, usually sensitive information is stolen by a hacker and copied to his or her hard drive. After stealing the sensitive data, the hacker then threatens to leak that information publically unless certain demands, usually monetary demands, are met.
A recent example of extortionware is the Ashley Madison hack in the summer of 2015. Ashley Madison, a website enabling extramarital affairs, was hacked by a group called “The Impact Team” who demanded that the website shut down. When Ashley Madison did not do so, the hackers leaked user all the user data information to the public. This caused major embarrassment to several public figures.
What is the difference between ransomware and extortionware?
Though both forms of viruses involve hackers stealing sensitive information, they differ in how the criminals use the information. Where ransomware threatens to permanently delete the sensitive information unless needs are met, extortionware threatens to leak the information to the public.
What can be done to avoid these forms of hacking?
The most important thing you can do to protect yourself against these forms of hacking is always backup the data. Preferably, this backup would not be on another computer but instead on an external hard drive or through a secure cloud service.
Unfortunately, backing up computers’ data won’t fully protect you from extortionware. You will need to take more precautions, such as encrypting any sensitive information in order to render it unusable when hacked.
Businesses should have a comprehensive information security program in place including current business continuity and disaster recovery plans. This will further help protect you from these sorts of hacks.