Monday, 10 february 2020 | Redacción CEU
Who would be interested in attacking me? This is one of the questions that many victims of cyberattacks have asked before becoming the specific target of a cybercriminal. One of the greatest risks of living in a connected society is the high exposure to digital attacks that users and companies have. However, there are many who still consider that this is only a problem which concerns large corporations and institutions. Conversely, the people behind these cyberattacks are fully aware that precisely the most vulnerable ones are those users who are least afraid of them. As a consequence, the ordinary citizens and the smaller organizations end up being the target of these attacks.
The pursuit of profit is one of the main incentives for cybercriminals. That is the reason why attacks based on information hijacking or cyber-blackmail are becoming a trend among them. Large corporations are presumably the wealthiest, but their favorite target are SMEs, micro-enterprises and self-employed professionals. Why? Because they are precisely the ones which least invest in security and who are less aware of and prepared for these attacks. Therefore, they are also those who fall in the traps that have been set for them.
SMEs and ransomware attacks
The figures are conclusive. According to Beazley Breach Response Services, seven out of ten ransomware attacks are aimed at SMEs. However, what does this type of cyber-crimes consist of? They are a type of attack with malware which is used to prevent users from accessing the documentation which is stored on their computers, stop them from using them or threaten them with destroying all the information stored in them. This information may be essential for many companies to develop their activity or protect the data of their customers. What criminals pursue with ransomware attacks is that victims pay them in order to solve this situation and avoid the negative consequences.
The cybercriminals behind these attacks know how to proceed to intimidate their victims. When they infect computers, they send a message communicating that if users do not pay ransoms, they will not be able to recover their files, access the system or prevent them from destroying all the information which is stored in them. Frequently, in order to increase the tension atmosphere, they activate a countdown that sets a deadline for the payment of the ransom. The amount of the money may also increase as time goes by. Cybercriminals usually require the payment of the ransom in cryptocurrencies so that they manage to hide the money trail.
Cybersecurity experts recommend not paying the ransom, as there is no guarantee that, after its payment, the attackers will reverse the damage. In fact, instead of solving the problem, they might aggravate it. Sometimes cybercriminals redirect their victims to links with malware with the promise that they will find on it the key to solving the problem.