Multi-Faceted Extortion: Insider Look at Ransom Payments and Cyber Defense

Jacqueline Brown
Wiley Rein LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Day 3 at RSA Conference 2022 was filled with fascinating discussions on enhancing our cyber defenses to defeat the ever-proliferating spate of increasingly common and expensive ransomware attacks.

First, the experts at Mandiant walked us through multi-faceted extortion and ransomware trends. Wondering what “multi-faceted extortion” is? Well, it’s a variety of tactics, often of a threatening harassing nature to ramp up the pressure on the victim to pay the ransom. Mandiant aptly called these “extortion accelerators” such as stealing data, threatening to sell the data, threatening to publicize the stolen data, reaching out to company leadership, regulators, or press to try to shame the victim into paying the ransom.

What are these bad actors after? Personally identifiable information (PII) and intellectual property.

Next, Mandiant walked us through alarming statistics. A study by Chainanalysis showed that approximately $602 million was paid to cyber threat actors in 2021. Year over year, the FBI is reporting a 69% increase in ransomware related losses. While the FBI was able to successfully recover 40% of the ransom payment in the 2021 Colonial Pipeline attack, Mandiant indicated that 98% of its clients that make ransom payments do not attempt to recover funds.

This, however, is considered to be incomplete data due to the under-reporting of ransomware attacks and voluntary nature of reporting cyber incidents (currently, but CISA is working on mandatory reporting obligations to implement Congressionally mandated reporting).

You might be wondering: what kinds of security did these victim companies have? Was it deficient – is that why the threat actor got into their systems? Mandiant noted that these victim companies had security measures deployed. The victims frequently had end point tools that identified credential harvesting (e.g, stolen usernames and passwords) and sent alerts. The analysts failed, however, to understand the alert and what was happening on the end points, leading Mandiant to conclude that to improve cyber defense, companies need to invest in what goes around their toolset – in their employees and their analytic capabilities.

Finally, Mandiant walked us through their key takeaways for effectively defend against multi-faceted extortion and ransomware attacks:

  • Build a robust security program but prepare ahead of time for successful attacks. In other words, be prepared to fail and have a plan to respond.
  • Effective cyber defense is not just about the latest tools. Effective cyber defense is about the intelligence, expertise, and execution that goes along with tools.
  • Strong security architecture begets strong cyber defense.
  • Multi-faceted extortion increases pressure to pay ransoms.

Now, after a quick stop at the Equality Lounge, I’m off to see colleagues from the National Security Institute at George Mason Scalia School of Law.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Wiley Rein LLP | Attorney Advertising

Written by:

Wiley Rein LLP
Wiley Rein LLP
Contact
more
less

Wiley Rein LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide