Does the next wave of malware involve something far more personal than money/ransom? – PC Pitstop
Is Extortionware the Next Big Threat?
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
TK Keanini, CTO of Lancope, wrote a 2015 Predictions editorial over at SC Magazine. He said he expects more malware like CryptoLocker and CryptoWall over the next 12 months, but also something new called “extortionware”.
I wholeheartedly agree with what he said: “Ransomware remains profitable, and cybercriminals are always looking for areas to grow their business. To date, victims have mainly been individuals with data from their computers or smartphones being held for ransom. But the one industry at great risk here is health care. Three factors make it a highly attractive target for ransomware expansion in 2015 – the mandate to move to electronic records, the sensitive nature of health care data, and the immaturity of the information security practices that exist in the health care industry today. This is a scary notion because we rely so heavily on the availability and accuracy of patient records. The cost of a compromise could range from an inconvenience to loss of life.”
But then he predicts something else for 2015 that I do not agree with so much: “Extortionware is an expansion on ransomware whereby unless you pay a certain amount to the attacker, the data will be made public for all to see (or for more targeted disclosure). What if the data contains evidence of infidelity, for example? The list of possible incriminating data goes on and on, but you can see how this differs from ransomware. Much like spear phishing, this attack will be much more targeted, but attackers will yield a higher take per victim, and those victims are less likely to involve law enforcement due to the sensitive nature of the data.”
Is this very likely?