October brings a wealth of fun games, tricks, and traditions. This is true in Halloween spooky stories and activities, as well as on the dark web. Cyber criminals often use scare tactics to quickly spark a fear reaction from their threatening email, causing victims to give up cash for a promise of not acting on the threat.
This type of threat is on the rise, which begs the question, do you “treat” the adversary by paying the ransom, or is the threat just a “trick” to elicit cash quickly? Due to known breaches such as the Equifax breach, as well as many other large organizations holding user credentials, cyber attackers have a wealth of individuals common user name’s and passwords from places such as banking accounts, social media pages, and/or shopping channels, and with those credentials, it is easy to convince an individual of the “hack” by presenting those credentials to them as “evidence” that they currently hold keys to their accounts, and/or have obtained embarrassing content of the user.
In most cases, the email including the threatening ransom note, is nothing more than a hoax, and that individual has no control over your machine, or other information of yours. If the attacker doesn’t present some sort of proof that they have access to other content, or your machine through encrypting files, or presenting further content that they have stolen, more than likely it’s because they don’t have it.
Certainly, never respond to, or provoke these attackers. Simply alert your security or IT team to the malicious email, and they should block further communication attempts from the source to all employees of the organization. Remember, if you think an email may be malicious, especially if there is a time sensitive threat involved, never react without consulting with a security professional and allowing them to analyze the situation.