“Double extortion” cyber attack is the new headache for small businesses
Date: 2021-10-22
Small businesses are increasingly falling victim to “double extortion” ransomware attacks. In this kind of intrusion, the cybercriminal not only “hijacks” access to computer data and files and demands a ransom to release them, but also demands payment not to leak the information on the internet. The trend was revealed by Sandro Süffert, CEO of security company Apura, in a recent debate promoted by the Federation of Industries of the Federal District (Fibra).
The ransomware adds a layer of encryption to the data, that is, it scrambles it in such a way that it is practically unusable. Only those who performed this operation – in this case, the cybercriminal – can undo it. The biggest mistake of micro and small Brazilian companies (MPEs), according to Süffert, is to believe that their information does not have the same value as that of large companies. As a result, they neglect to take precautions against this type of threat or do not correct their vulnerabilities.
“Unfortunately, most incidents go weeks, months, without being detected. When recognized, it’s too late. Having resilience, in which it is possible to see, at the edge, that there is an attack, can prevent the entire digital environment from being compromised. There is a ransomware attack that is carried out on a dozen devices; and there are also advances that affect all computers in a company. The difference lies in the ability to contain the attack,” explained the executive.
Süffert says that most cybercriminal groups are part of an organized business network in which each expert has a role: some gain access to the networks, while others develop the data encryption, handle communication, or manage the receipt of ransom payments in cryptocurrency. The amount demanded depends on the size of the target. As an example, he mentioned that an attack on a clinic or a bakery might ask for US$ … thousand (BRL 56.5 thousand at the current price), while in a large company the demand can reach millions of dollars.
“In this case, both the company’s image is affected publicly and, in regulatory terms, heavy fines can be applied, due to the provisions of the General Data Protection Law (LGPD), on the fact of having customer data leaked”, Süffert pointed out.
According to the LGPD, companies are directly responsible for leaks of their customers’ personal data, and the fine can reach 2% of the company’s revenue, but restricted to a ceiling of R$ 1024 million. That is why the company needs to invest in qualified technology professionals and appoint a highly competent person to become the data manager (data privacy officer) and take care of good practices in the handling of this information.