Cybercriminals using technology to extort ransom money is beginning to look like an emerging trend.
There have been a few examples of this tactic being employed over the past few months:
The above three examples seem to suggest we are entering an era where criminals attempt to exhort “money with menaces” using technology alone.
With all of this in mind, it was interesting to see a report from over the summer claiming that cell phone manufacturer, Nokia, had also been the victim of a ransom demand and had given in and paid up.
The story was reported in the BBC news on 18th June, following a report on Finnish TV channel MTV (not to be confused with the global music channel of the same name!)
In the Nokia case, hackers are believed to have found encryption codes for the Symbian operating system that runs on many of Nokia’s (mostly older) mobile devices. Criminals made threats to publicly divulge the information, which could have caused a complete breakdown in security for millions of Nokia devices.
Nokia are believed to have given in to the criminals’ demands, allegedly handing over an undisclosed sum of money in a car park. Police then reportedly “lost track of the culprits,” according to the BBC report.
According to the same report, Nokia are not the first company to have given in to ransom demands of this nature. Apparently police in the state of Massachusetts gave in and paid money after their systems were hit by the Cryptolocker virus in 2013.
Obviously the last thing you want is for your company, or one you are responsible for, to end up having to give in to a ransom demand. The best way to prevent this happening is to use a well-regarded managed security product to prevent breaches, and to keep users away from malicious sites and phishing attempts.
User education, as always, is also very important. If a company the size of Nokia can be successfully hit, it’s fair to assume anyone can. As the clichéd IT admin password says: “Trust no one!”