Here’s How Much Your Stuff is Going to Cost to Get Back

Dear Organization,

It was so kind of you to leave your systems so vulnerable. It was very easy for me to grab a few things I thought I wanted. Turns out I don’t really need them, so I’ll be glad to give them back. For a price.

Your Domain

It’s tied to your website and email. It’s on all of your marketing material that you spent quite a bit on. It seems to be a critical part of your brand and reputation. No one suspects anything right now, but rest assured I have full control of your domain. The website and email will be routed to a location of my choosing if you don’t pay up. It’s going to take a lot of time and money to recover from this if you don’t. These domains do have value to me, but you should know by now that I’m lazy. I want the biggest payout for the least amount of work.

Domain renewal: Around $18 Per Year
To get it back: $1,000 – $10,000+
Domain names are typically tied to both email and website. When an attacker gets control of it they can begin to compromise every online account associated with any email address tied to that domain. They can exploit your customers and vendors too. Domains that have been well established are worth a lot of money to the right people too.

Your Phone Numbers

I’ll admit this was a bit trickier. I don’t always get my target’s phone numbers, but when I do they are mine in every way. It’s a process. I’ve got to port the numbers out which has some safeguards in place and takes time. I always give it a try because organizations are very willing to pay me for my trouble.

Phone Contract: Around $35 Per Month Per Line
To get it back: $500 – $5,000 per line
Phone number have been ported for massive profits. For some organizations it would be very difficult to change their phone numbers after a successful attack like this. Your daily operations are going to come to a halt, and again, the cyber criminal has a way to easily exploit customer and vendors.

Your Data

I’m sure you’ve noticed by now that all of your files are misbehaving and look a bit different. Don’t panic, that’s just the ransomware I installed on a unsecured workstation somewhere in your building. This particular version of ransomware is a pet project I’ve been working on named Spike. Spike has likely spread throughout your network and infected every computer. Your files are technically fine. Spike, like most ransomware, just encrypts your files leaving the data intact. It’s that helpless feeling when you’ve locked your keys in your car. The car is still good, you just can’t access it. Don’t bother calling a locksmith though unless you have an infinite amount of time and resources. Encrypted files, not diamonds, are forever.

Data Cost: Usually Priceless. You’ll have to consider all of the time and resources associated with building your company’s data.
To get it back: The current value of 1 Bitcoin and beyond
Have we mentioned criminals are lazy? In some case the hackers deploy automated malware that infects company data. The ransomware that encrypts your files may have preset demands. In other cases the hackers are more directly involved in the deployment of the ransomware on your devices. In either case, paying up may not get you your data back.

Your Personal Files

I also stumbled on those sexy photos and that secret video no one is supposed to see. I’m actually NOT going to give those back. However, for a small fee, I will promise not to release them to the public potentially ruining your career and your personal life.

New Camera: $250
To get it back: $$$$
Blackmail is another serious crime hackers will commit in order to exploit you and your company for cash. We’ve heard horror stories of individuals being trapped in blackmail schemes for years.

How Much?

I’m a realistic cyber criminal. I’m not going to pull a Dr. Evil on you and ask for 1 million dollars. I’m going to evaluate your organization and make some very reasonable offers. After all, I need to get paid for your valuables. Thanks again for all of your hard work building up your organization and making your domain name, phone numbers, data, and personal files worth so much. I’ll be in touch.

Regards,
The Cyber Criminal


If you can imagine this scenario, it may seem like an absolute nightmare. Trust us, it is. It happens time and time again. In whole, or in part. Cyber and information security play a huge role in stopping these kind of incidents. Your organization needs to consider having strong policies and procedures in place along with some solid endpoint security. Together, these will help put cyber criminals out of business.

Policies & Procedures

Traditional solutions don’t fit their environment and they aren’t agile enough to keep up with the evolving landscape. This always leads to problems that can be traced back to poor implementation, or lack, of modern policies and procedures. Don’t make the same mistakes. Allow us to connect you with our partner today.


Subscribe to Our Newsletter

We send out new articles every week. They'll help keep you informed about important information security topics and news.