Ransomware Defence – Avoiding Data Extortion

Ransomware: it locks up your data and holds it hostage, potentially bringing your business to a grinding halt.

You then have two choices: pay the ransom and get your files back (or sometimes not!), or simply restore a copy of your data rapidly from a cloud backup system and get on with your day – no ransom required. It’s a no-brainer.

But what happens when ransomware shifts its focus from locking up business files to exposing (and selling) sensitive data that could result in acute embarrassment, and both personal and reputational damage?

In short, what happens when ransomware gets ruder and becomes extortionware? Here’s what could happen – and why it’s still imperative to have effective data backup in place.

‘We have your porn collection. We’re publishing it.’


Perhaps inevitably, the rudest exploitation of all is that of porn and erotica stored on users’ business devices.

One IT director, as reported in this BBC article, found his (alleged) porn stash accessed and locked by hackers, who posted a screenshot of the file library – which included more than a dozen folders named after porn stars and porn websites – online.

A cautionary tale for anybody hoarding or accessing such material on their work machine?

Certainly, although as one cybersecurity expert pointed out, it’s not so much about the specific character of the material itself; it’s more about the fact that employees should not be storing or accessing anything that can potentially harm a business’s reputation using that business’s IT assets or networks – whether it’s porn, an incriminating email, or anything else.

(So, what are your business IT users accessing on your network, do you think…?)

Making the personal exploitable

What is also getting clearer by the minute, however, is that the element of the personal in these attacks is becoming weaponised as never before.

Hence, as we see in the porn stash example, it was an individual’s own personal behaviour – nothing to do with the business’s own dealings – that was used to launch an attack on that business.

And in 2020, when cosmetic surgery chain The Hospital Group was held to ransom with the threat of publication of ‘before and after’ patient images, individuals’ own personal sensitivities around their body image were the potential attack platform.

Perhaps predictably, extortionware attacks are on the increase. How long, then, before a business – your business? – is held to ransom because one of its employees’ devices reveals a drug or alcohol problem, an incriminating medical condition, or membership of a controversial organisation to a hacker?

So where does backup come in?

Clearly, backup is invaluable for restoring to a business the data that a ransomware attacker has locked.

Of course, when the ransom includes an extortion element that threatens to sell or publish your data thereafter, backup cannot stop this – although it’s worth noting that even in this form of attack, the data is first locked by the attacker before they do anything else with it, and so backup is still an essential tool to get it back at that stage.

But it’s also important to realise that extortionware is not just a standalone attack method. In other words, extortionware attacks often seem to ‘hide’ a simultaneous, more ‘conventional’ ransomware attack focused on locking up your business-critical files – with the extortionware ‘add-on’ simply functioning to inflate the final ransom price.

One cybersecurity expert put it like this: ‘Hackers are now actually searching the data for information that can be weaponised. If they find anything that is incriminating or embarrassing, they’ll use it to leverage a larger pay-out.’

And this is also borne out by our ‘porn stash’ example, where the hackers were getting busy on several hundred gigabytes of the victim’s business data at the same time as they were exposing his personal files.

In short, whilst extortionware is disturbing in itself, it is more damaging for its apparent function of taking ransomware to the next level – and in this scenario, your business needs to be looking at its data backup capabilities more closely than ever.

It’d be rude not to.