While the nature and domain of cyber kidnapping-type crimes may differ, the security rules remain very much the same. TAL Global has worked with clients who have experienced each of these incidents. The purpose of this mini-paper is to share our experience and provide recommendations for our clients, associates and friends.
Cypber Kidnapping No. 1: Physical Kidnap and Ransom (K&R)
The goal of K&R is simple: money. Ctber kidnapping is a business to these perpetrators. According to Investopedia there were between 15,000 to 20,000 cyber kidnappings globally last year. This figure doesn’t include unreported incidents. By some estimates, the number of reported kidnappings is less than 20% of the total. If that’s true, then the real number is between 75,000 and 100,000 kidnappings annually.
The amount of ransom paid is estimated at $1.5 billion. Mexico, the leading location for kidnapping purported accounted for $50 million in ransom payments. There are some other nuances at play. In some countries it is illegal to pay ransom while in others, particularly in Latin America, it’s just another business. At its heart, this is fundamentally a business transaction. We believe the keys to a successful conclusion to these kinds of incidents are:
- Contact a K&R consultant earliest in the process as possible.
- Have a cool-headed family member who is coachable be the voice, but be guided by the consultant.
- Ask for proof of life a few times during the negotiations.
- In most cases, slowing down the process helps the negotiating.
- Negotiate price down while getting info on the victim.
- Set up exchange.
- Go home….
Cypber Kidnapping No. 2: Virtual Kidnapping
Virtual kidnapping begins with a phone call. The caller claims to have taken a loved one and wants money to release them. In fact, the loved one is perfectly fine. We have seen a couple of variations on virtual kidnapping. In one scenario, the caller is far from the target and is working from information gleaned from Social Media or is just ‘fishing’ for a target.
In the second scenario, the caller has done some homework, can physically see the target and may know that the loved one cannot be reached for one reason or another, such as being at a concert or a movie. Remember, the target is not the one supposedly taken, but the one with the money.
In June, TAL Global published “Virtual Kidnapping: A Real Life Cautionary Tale” which told the story of a TAL Global executive protection resource working out of Southern Mexico who was contacted by a kidnapper via cell phone at her hotel room. During the call, the kidnapper told the victim she was being watched and needed to comply with instructions. It turned out that the perpetrator had eyes on the target, but the loved one was completely safe.
These scams are very much like their physical K&R counterparts because it’s all about money. Most of the same tips apply with some adaptations.
- Many perpetrators get their information from social media which often provides good intelligence for bad people. Never put your personal information including your phone number on Social Media.
- This is a negotiation and the caller wants money. If the caller wanted to do harm, they would have done it without a call. You have negotiating power; use it so that you can confirm whether your loved one is in danger.
- Ask for proof of life.
- Listen to clues: age of the caller, speech and language characteristics, background environment, etc. Is the caller getting info from anyone else? Do they really know who you are, where you are, the description of your car, or route you are driving?
- This is a negotiation – during the time you are trying to get money you are buying time to think and plan the next step, such as calling law enforcement.
- Once you know your loved one is safe, hang up.
Cypber Kidnapping No. 3: Ransomware – The Cyber kidnapping of your data
In this situation, a hacker remotely hacks your organization’s network and encrypts your data to the point where you cannot operate. They promise if you pay their ransom, perhaps in cyber currency like Bitcoin, they will give you instructions on how to get your data back.
ZDNet, a well-known high tech industry organization, ran an article “Ransomware: Cyber insurance payouts are adding to the problem, warn security experts” In that article one of TAL Global’s partners, Theresa Payton, CEO of Fortalice, was quoted as saying, “I’m increasingly frustrated at the trend where the insurance companies are actually encouraging victims to pay.” She argued that this philosophy was driven by the insurance company’s desire to pay out the least amount of money.
Other experts see it differently in that paying ransomware demands encourages more ransomware attacks. They believe that ransomware is more a crime of opportunity where the perpetrators are relatively unsophisticated and are looking for a quick hit from a befuddled victim. They argue that payment stimulates hackers who see a payoff without the exposure of being apprehended.
We have seen that small and medium sized enterprises are often lucrative targets. Physicians’ offices in particular are often quick to pay off ransomware because they lack the back-ups or other technical means of restoring their data and because, should their patients’ information be exposed, the physician is a prime defendant in privacy and/or negligence lawsuits.
Here are some keys to dealing with ransomware:
- Ensure that you have robust onsite and off site back-up systems so that you can quickly recover.
- Have strong patch management policies and procedures so that your networks are up to date and that there are no lingering vulnerabilities.
- Employ anti-malware software.
- Employ whitelisting software that can prevent unauthorized applications from executing.
- Remember that, like physical and virtual kidnapping, ransomware is all about the money.
- In the case of ransomware, your loved one (the data) might not make it because the attacker doesn’t follow through with decrypting instructions even if you pay the ransom.
Cyber kidnapping has many different varieties, it is a serious offense that is designed to inspire fear into the loved ones of the victims and/or their organizations. The goal of this article is to show that an immediate reaction out of fear is the least desirable course of action. Situational awareness from the person kidnapped and those being victimized by the attacker is a key to success. Preparation may not be possible, however, as we have shown, there are steps that can be taken to minimize the likelihood of harm to people or property.
COL (R) Lawrence D. Dietz
TAL Global Corporation
General Counsel and Managing Director, Information Security
Colonel (R) Lawrence D. Dietz is a nationally recognized expert in the areas of cyber security, cyber warfare, information security and intellectual property. Mr. Dietz is a licensed attorney and also provides litigation and legal support to our clients in these matters.
As a retired Army Reserve Colonel specializing in intelligence and PSYOPS, Mr. Dietz has over 30 years of diversified military and commercial information and cyber security experience. This unique knowledge combined with the thought leadership of academia enables Mr. Dietz to bring varied approaches and solutions to clients’ challenges.
TAL Global is an elite security consulting and risk management firm that protects human and physical assets around the globe; a team of world-class, interdisciplinary security experts who have had experience with these three types of threats as well as others. Please contact us to discuss how we can help you with your security needs. As always, we value your feedback to help us shape our perspective on the world around us and the services we offer.