Cyber Attacks or Extortion Attacks? Hackers are getting million dollars from companies after stealing their sensitive data!

It sounds confusing but the fact is, cyber-attacks are now becoming Extortion attacks. First attackers attacked on big companies and steal GB’s of sensitive data from their databases. After that they demand for large amount from company for not to release their sensitive data online. Companies can face large ruin if sensitive data of their users, dumped on the internet by the hackers. To avoid this type of ruin, they gave millions of dollars to hackers.

Charles Carmakal is vice president of computer forensics unit at Fireye and he said,” IT companies of United States have faced major cyber-attacks last year and these companies had paid more than US$ 1 million to hackers for not to release sensitive data online.” Hackers first steal their sensitive data and then threatened them. They said, if you will not pay us we will release your sensitive data online.

Hackers are very smart. They target big companies, steal data, then they read that data to know its value later they demand for money. Carmakal said, there are many companies who had paid the amount in seven figures to the attackers, just for not to release their data online.

These type of Extortion attacks are more damaging as compared to Ransomware. In ransomware such as Cryptolocker, hackers encrypt all the files of user’s computer and demands for money for its solution. In this case they demand for small amount such as hundred dollars. But in Extortion attacks, hackers demand for millions of dollars. To avoid these type of Extortion, there is need of highly skilled cyber security experts in companies.

Extortion attacks are most harmful especially for Big companies. If the sensitive data of big companies revealed publicly, they can face a great loss. Therefore to avoid these type of situations, big companies are really paying to hackers. Attackers did not gave much time to company for doing this, because they don’t want to take time for investigation.

Carmakal said, at that moment forensic experts have to give their best for fast investigation. He also said that there is absolutely risk if companies will not pay them and if companies will pay there is also a risk.

So companies should hire highly skilled cyber security experts for regular time to avoid these type of risks. Companies should organised cyber security seminars time to time for their employees, because basic knowledge of cyber security is a must for all employees.

Source: CIO Blog