Cyber threats are constantly evolving. Things are more muddled now than ever before, because many companies are forced to send their employees to ‘work from home’, because the ongoing Covid-19 pandemic. Employees using their own devices at home can be another added concern. One of the newest cyber threats is breachstortion. Not many companies are aware of it, and in this post, we are discussing the basics worth knowing.
What is breachstortion?
In case of breachstortion, the hacker sends an email to the victim that their company network or website has been hacked, and data has been moved to an offshore server. The victim is asked to pay a ransom, or else, the hacked data will be posted publicly. The surprising part is there is no specific evidence in the email that the data has been stolen, or a breach or hack has happened. The ransom is typically asked to pay in form of bitcoin, or other cryptocurrencies. The amount asked can be often small or large, depending on whether the breach has actually occurred.
Things to understand
In most cases where victims get a breachstortion email, no breach has actually happened, and the hacker is just playing on fear of the victim, expecting to make quick money. If a breach has really occurred, hackers will post at least some data online or go public, just to prove that they have caused the damage. Breachstortion attacks are often not like that.
What to do after getting a breachstortion email?
Breachstortion emails are typically a phishing scam, and probably nothing has happened. If any of your employees has received such an email, do not panic, but do take necessary steps. Let the cybersecurity team know of the email, so that they can take necessary steps. Shortened URLs are often used in breachstortion, so check such URLs before clicking. Ask your employees to check email IDs and websites with a bird’s eye, so that they don’t fall victims to social engineering. More importantly, don’t be scared to pay the ransom. Just like ransomware attacks, breachstortion attacks are getting common, and paying the ransom doesn’t ensure that you will never face such a threat or email again.
Let your employees know what breachstortion is all about. Train them when and how to report a suspicious email, so that effective steps can be taken in time, without making unnecessary mistakes. Get your security team involved, as soon as such email is received.