3.9 Your Turn!

Every cyber extortion incident is unique. The response team’s options and priorities will vary depending on the victim organization’s industry, size, and location, as well as the details of the incident itself.

Based on what you learned in this chapter, let’s think through key elements of a cyber extortion attack.

Step 1: Build Your Victim

Choose one characteristic from each of the three columns to describe your victim’s organization:

| Industry | Size | Location |
| --- | --- | --- |
| Hospital | Large | Global |
| Financial institution | Midsized | United States |
| Manufacturer | Small | European Union |
| Law firm | | Australia |
| University | | India |
| Cloud service provider | | Country/location of your choice |
| Organization of your choice | | |

Step 2: Choose Your Incident Scenario

Select from one of the following incident scenarios:

A. Ransomware strikes! All of the victim’s files have been locked up, including central data repositories, servers, and workstations.

B. A well-known cyber extortion gang claims to have stolen all of the victim’s most sensitive data and threatens to release it unless the victim pays a very large ransom demand. The gang posts the victim’s name on their dark web leaks site, along with samples of supposedly stolen data.

C. Double extortion! Both A and B occur at the same time.

D. The victim is hit with a denial-of-service attack on their Internet-facing infrastructure that slows their access and services to a crawl. The adversary threatens to continue and even escalate the attack unless a ransom is paid.

Step 3: Discussion Time

Your victim organization has experienced a cyber extortion event. Given what you know about the victim and the scenario, answer the following questions:

  1. Should the victim organization assume that the extortion demand was the adversaries’ only activity relating to their environment? Why or why not?

  2. Name the steps that adversaries often take in the lead-up to cyber extortion.

  3. Describe at least one way that the victim can often detect early signs of this type of attack prior to the extortion phase.

  4. What are the most common methods of entry that the victim organization should check for?

  5. Which means might the adversary use to try to notify the victim of the extortion demand?
