Data Kidnapping is a serious cyber threat. The principle is to lock - usually encrypt or erase data. The attacker then demands ransom for return data to the owner - like the kidnapping of a man. Data kidnappings emerging stronger since 2012, becouse of the expansion of cryptocurrency that allows anonymous payments. The cryptocurrency is not essential - an attacker may require the ransom payment via “classical way” such as checks or cash. The essential is a focus on the data content which is valuable for the victim, ie personal or business sensitive information.
Data kidnapping and similar criminal practices are sometimes referred as “Hacking 2.0”
How does the kidnapping of data work?
The attacker invades your device over the Internet or over a virus and encrypts data on the unprotected device (computer, mobile phone, on the server). The other way is a physicall stealing of a data storage (an external drive, computer, phone, server). The attacker consequently demands ransom for the return of the data or the device.
How we can protect against data kidnapping?
The best protection is a regular backup of your sensitive data on a separate and protected place - preferably so that the attacker can not reach it (see the principles of data backup). So if you lose the data, you have a backup copy. The best way is to combine backup with some security software - antivirus or other security software.