TRENDING:

Forensics , Next-Generation Technologies & Secure Development , Security Operations

Facing Cyber Extortion? Step 1: Don't Panic

Too Many Organizations Erase Forensic Evidence, Investigator Ondrej Krehel Warns Mathew J. Schwartz (euroinfosec) • August 24, 2016    

Has your organization suffered a ransomware outbreak? Are cyber extortionists threatening to unleash a logic bomb in your enterprise network unless you send bitcoins? Are you being blackmailed by a cybercrime gang claiming they'll release your stolen documents unless you pay them to behave?

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

Too often when organizations get shaken down by online criminals, they panic, and in the process make the predicament they're facing even worse, warns Ondrej Krehel, digital forensics lead and CEO of New York-based LIFARS, a digital forensics and cybersecurity intelligence firm.

In particular, Krehel says, many IT departments respond to signs of ransomware outbreaks or other types of cyber extortion by wiping infected systems or reinstalling operating systems. By doing so, however, they could be erasing crucial forensic evidence that might help validate whether attackers are telling the truth about having stolen data or to ascertain how bad the breach actually was.

Instead, Krehel says organizations need to take a big step back, think carefully about how to proceed, avoid destroying any evidence, and preferably call an expert. "For us, every piece of electronic information is actually evidence," he says, because it can help digital forensic investigators "find out what happened, how it happened, what data had been exfiltrated, and what the intentions of the attackers really were."

In this video interview at Information Security Media Group's recent New York Fraud and Breach Prevention Summit, Krehel discusses:

  • Digital evidence-gathering essentials;
  • How ransomware gangs procure their toolkits;
  • The rise in attacks that encrypt interfaces to backups.

Before founding LIFARS, Krehel was information security officer of Identity Theft 911 and digital forensic examiner for Stroz Friedberg. He teaches cybersecurity and digital forensics at St. John's University and is on the advisory board of the Prague-based, cybersecurity-focused QuBit Conference.

Previous
Email Fraud: An Inside Look at the Fraudsters
Next
Churchgoing Nigerians Drive Business Email Attacks

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.