The Dutch National High Tech Crime Unit (NHTCU) announced on Tuesday that they have arrested three suspects in connection to an international cyberextortion scheme. The three individuals are alleged to have earned millions of dollars by infecting computers worldwide with ransomware.
What is Cyberextortion?
Cyberextortion is defined as the criminal practice of using electronic means to extort money or property from an individual or company. It is a relatively new form of extortion that centres around using malicious software, such as ransomware, to target and lock down an individual’s computer or a companies records unless a ransom is paid to the attacker.
What is Ransomware?
Ransomware is malicious software that infects computers, encrypts data, and essentially holds it hostage until a ransom is paid to the attacker for the decryption key. Attackers first use phishing tactics to gain access to a system, then once inside can open and close access to files and drive encryption, with either a single one-time fee for decryption or a continuing subscription-based model for recurring payments.
The NHTCU’s Investigation
According to the NHTCU, their investigation into the three suspects revealed that they had used ransomware to target thousands of computers in 160 countries, including individuals as well as companies in healthcare and other essential industries. The attackers, which have been identified as a 35 year-old male, a 30 year-old female and a 31 year-old male, are believed to have earned over €7 million in payments.
The NHTCU seized both cryptocurrencies and other assets belonging to the suspects, which have a total value of €600,000. In a press release, the NHTCU stated that their investigation is ongoing and they will be taking further action in the months to come.
Preventing Cyberextortion
Cyberextortion can have devastating effects, especially for companies and public organisations. To combat this threat, it is crucial for businesses to have an action plan in place. Some key steps to prevent cyberextortion include:
• Investing in cyber security technology and implementing measures such as firewalls and anti-malware software
• Educating employees on how to spot and avoid phishing attacks
• Backing up data regularly and keeping multiple copies in different locations
• Ensuring that network passwords are secure and regularly updated
• Proactively monitoring for any suspicious activity
• Refraining from paying any ransoms if the company becomes victim to an attack
The Encouraging Outcome
The arrest of the three suspects is certainly a positive outcome, as cyberextortion is a serious and growing concern. However, it also encourages us to take steps to ensure that our organisations are protected against this threat. Share this important article on social media to make sure everyone is aware of the potential risks that cyberextortion can pose.