In a typical data breach, a cybercriminal does not “steal” information in the same sense a thief steals a physical item. Usually, the criminal makes a copy of the information for his own illicit purposes, and leaves the original data untouched.
Sometimes, however, criminals may physically remove digital assets, or at least make them unavailable to their owner. Often this is for extortion purposes: the criminal removes or encrypts valuable digital assets and holds them hostage until a ransom is paid. This sort of event is classified by Advisen as “Asset Theft.” Also included in this category are situations where the owner still has access to the assets, but the criminal threatens to publicly reveal sensitive information unless a payment is made.
Reported Asset Theft cases have skyrocketed in recent years, more than tripling between 2009 and 2013.
Cyber extortion is a fast-growing crime. A “ransomware” attack is one of the most common types of cyber extortion schemes that largely impacts individual users. One antivirus firm reported in May that users of its security product alone visited ransomware-infected sites 18 million times in a single six-week period. Ransomware infects a computer and encrypts locally stored files behind a virtually unbreakable wall of encryption. The victim must pay a significant sum to the hackers to get the files back.
A growing number of businesses also are being targeted with extortion scams. These can be similar to ransomware attacks on individuals – the hacker gains access to valuable information on a network, removes or encrypts it, and then demands a ransom to restore it. In a variation on this attack, a hacker who discovers a security flaw in a company’s network may demand payment in exchange for not disclosing the flaw to other hackers.
Services companies have quite consistently represented the largest number of cases, followed by governmental entities (Public Administration).
In yet another cyber ransom scam, hackers breach a company’s network and gain access to sensitive information such as customer credit card data, social security numbers, medical records, or a confidential nontangible asset such as a trade secret. The hackers then threaten to publicly release or sell the information unless the company comes up with a ransom payment.
Small companies with light network security are frequently targeted for extortion scams, but large companies also can be vulnerable. In one odd case, Case Number 727862 in Advisen’s MSCAD large loss database, a hacker threatened to reveal confidential and proprietary information stolen from Marriott International, Inc.’s computers unless the hospitality company gave him a job maintaining the company’s computers.
Asset Theft also includes corporate account takeovers – a scheme in which cyber criminals gain access to banking information stored on corporate computers. The criminals then drain the company’s bank accounts with transactions that appear entirely legitimate to the bank.