Cyber extortion threat: How to protect your business

 

Diana Selck-Paulsson

Lead Security Researcher

The cyber threat landscape is more complex than ever, with technologies like Generative AI exacerbating our anxiety. Our latest research finds that, while the threat landscape continuously evolves, threat actors stick with what works. The impact and victim experience of a full-blown cyber extortion (Cy-X) attack can be devastating.

In March 2024, a Belgian beer manufacturer was hit by a cyber-attack, causing a complete halt in production. To prevent a “national emergency”, the brewery was forced to reassure the nation that it had a large stock of beer to rely on. More recently in the UK, a cyber-attack on a health organization forced the postponement of thousands of surgeries in multiple London hospitals.

Unfortunately, these examples are not an exception. Around the world, similar cyber-attacks have a significant impact on companies, individuals, and society at large. According to Orange Cyberdefense’s recently published CyXplorer 2024 report, cyber extortion remains the most worrying form of cyber-crime for businesses. “Ransomware” is the more familiar term, referring to malicious software used to encrypt compromised systems, but “cyber extortion” describes the broader crime committed as threat actors steal data and threaten to release it on dark web leak sites unless the victim pays a ransom. Paying is something we advise against, as it helps to sustain the cyber extortion ecosystem.

Small businesses impacted four times more often

One of the most striking findings in the report is that small businesses (fewer than 1,000 employees) are now impacted four times more often than their larger counterparts. As this is an opportunistic form of crime, the number of cyber-attacks impacting small organizations may partly be explained by the fact that small businesses are less resourced and more vulnerable, but largely by the fact that most businesses fall within this size group. A third contributing factor might be that small businesses are less able to pay ransoms, resulting in them being shamed on leak sites more frequently. Consequently, the sheer number of potential victims, their higher level of vulnerability, and their inability to settle ransoms make small businesses the most frequent victims.

To underscore how big the cyber extortion problem has become, here are some additional statistics from our report. Over the past twelve months, there has been a 77% year-over-year growth in the number of identified victims of cyber extortion. In the first quarter of 2024 alone, we recorded 1,046 victims. These figures are the result of careful screening of leak sites on the dark web by our security researchers and cybercrime analysts. Because they appear on leak sites, most victims have most likely declined to pay the ransom, while those that paid were spared the public naming and shaming on the dark web. According to our analysis, the actual number of victims is likely to be 50% to 60% higher than what we can observe in this way.

Meanwhile, the moral boundaries of threat actors appear to be collapsing. When the pandemic began four years ago, one of the most prominent ransomware families, Maze, declared that they would not target hospitals or other essential organizations. Recent attacks on multiple high-profile healthcare providers prove that something has definitely changed. In fact, our research shows that Healthcare and Social Assistance is now the third most targeted industry, with a 160% growth YoY. Manufacturing remains the most impacted of them all.

AI, a new driver for worse?

Unfortunately, experiencing a cyber extortion attack once does not mean your business is off the hook. On the contrary, the CyXplorer report reveals a worrying trend of organizations experiencing extortion multiple times. We have observed more than 200 occurrences of “revictimization”, 39 of them in early 2024 alone. In these cases, a victim is listed on a leak site after a compromise, then listed again by the same or a completely different cyber extortion brand, and thus on another leak site on the dark web. Such revictimization doesn’t necessarily imply another technical compromise. Other scenarios also seem reasonable when trying to explain why we observe revictimization. One such example is when we see data “travelling” and being re-(mis)used by threat actors. Another highly likely scenario is when an affiliate works with several Cy-X operations and tries to amplify their attack by posting it to several well-known Cy-X brands. Some victims have been published as many as three times on dedicated leak sites by different Cy-X operations, showing how persistent the threat can be and how horrific and long-lasting the victim experience is in some cases.

Geographically, cyber extortion mostly targets English-speaking regions, with the biggest increase this year in the United States, the United Kingdom, Canada, and Europe. The economic size of the country and the native language are two key factors in this trend. However, this may soon change as artificial intelligence (AI) and generative AI (GenAI) enter the scene. Although our data does not yet reveal a significant impact of GenAI on Cy-X attacks, we should expect it to further expand the scope of cybercrime, allowing attackers to produce more realistic phishing attacks, and enabling them to engage with victims from diverse cultures and regions of the world.

Cyber Experience Center

What can you do to deal with this ever-evolving and expanding threat landscape? Are you certain that your business is resilient in the event of a cyber-attack? CISOs often struggle with this task as they need to do more with fewer resources. In many organizations, cybersecurity is still not getting the attention it deserves. Preparing for a cyber crisis should be as entrenched as preparing for a potential fire. You need a plan and a team of people who are accountable for taking decisions in such a scenario.

Cyber extortion attacks inflict many different forms of harm (loss of customers, declining brand value, reduced competitive advantage, etc.), beyond the financial damage of a potentially paid ransom demand. As with natural disasters, these kinds of occurrences require a sort of preparedness to identify and defend against.

Orange Cyberdefense developed a unique Cyber Experience Center in its office in Antwerp. Think of it as an extensive fire drill where we simulate a cyber-attack on your company. What questions do you need to ask in this scenario? And even more importantly, what answers should already be available when disaster strikes?

The Cyber Experience Center has opened the eyes of hundreds of board members who have since decided to invest in robust security. At Orange Cyberdefense, we consider it our mission to make companies aware of emerging threats through training, detection, and risk analysis. With over 3,000 multi-disciplined experts across the globe and certifications in several countries, we are on top of everything that happens in the cyber world.

Ready to strengthen your defenses against cyber extortion? Read our Cy-Xplorer 2024 report and contact us if you want to visit our Cyber Experience Center.
