In an age of digital technology, Internet plays a key role in a person's day-to-day life, while data-theft and breach of private data by hackers has been a worry to cybersecurity analysts around the world. Hackers have mercilessly attacked government websites and more recently, even the democratic election process of one of the world's most powerful countries.
Read: The celebrities who bared it all on the internet in 2016, and not a hacker in sight
So, when these hackers steal data and ask a company to pay ransom, what should it do?
And these ransomware problems are real. One of the latest victims of hackers is E-Sports Entertainment Association (ESEA), a company known to host competitive video game tournaments.
ESEA was threatened by hackers to pay a ransom of $100,000. But the company duly refused with the stern statement, "We do not give into extortion and ransom demands." The hackers quickly made the 1.5 million stolen data of ESEA users, public.
Though ESEA did not release the exact figures of the user data breach, LeakedSource, a website that tracks and stores stolen databases, has put it to roughly 1.5 million ESEA users.
"...we take the security of customers' data very seriously. In addition to investigating the incident and reporting it to the authorities, we have been working to isolate the vector attack and secure the vulnerability," ESEA said in a statement on its website.
ESEA detailed that the "threat actor" first contacted them on December 27 via the company's bug bounty program and they began to ask for ransom and threatened to release the stolen information.
ESEA communicated with the hackers via emails, sought legal counsel, notified users and also informed the FBI about the attack. The company has also responded to media and community enquiries.
Following this, the company identified the vulnerability and patched it on December 29.
It also said that that threat actor was able to gain access to the game servers and was able to edit community feedback system (karma), but was unable to "view, access or modify any personal information."
What did the stolen data contain?
Hackers stole user data which included emails, private messages and phone numbers.
What measures should the user take?
The company has listed the possible measures that can be taken by ESEA users to thwart hacker attempts in future.
- Change your passwords and security questions/answers for any other accounts on which you used the same or similar information used for your ESEA account, and review any such accounts for any suspicious activity
- Use passwords specific to each website you hold accounts at
- Be cautious of any unsolicited communications that ask you for personal information or refer you to a website asking for personal information
Ransomware attacks – how big is this problem?
Ransomeware attacks are a growing problem faced by companies. According to CISCO, there are nearly 10,000 people and businesses which pay extortion money every month to avoid sensitive information from being leaked. Overall, these hackers could make $34 million annually, Venture Beat reported.