Diego Sanchez

• S2 Grupo has explained that the objective of this new type of cyber-attack is not only the money of the compromised company, but also extortion of third parties that may be affected by the disclosure of the extracted data.

• As technologies and attack strategies adapt and transform, modern incidents can turn into a ransomware chain that need not end with an increasing number of victims being harmed.

Valencia April 20, 2023.- Valencian company S2 Grupo, specialized in cybersecurity and critical systems management, has explained that triple extortion ransomware is one of the main cyber threats for companies and entities of all types in 2023.

Ransomware is a type of attack whereby a cybercriminal infiltrates a corporate network to encrypt the data on it and prevent its use. It then extorts money (usually cryptocurrencies) from the victim in exchange for the decryption key.

“The problem that arises is that as organizations have begun to implement backup systems for their important data, hackers have become increasingly creative and have added new and sophisticated features to their cyberattacks“, said José Rosell, managing partner of S2 Grupo.

In 2019, the double extortion ransomware attack was born when cybercriminals such as Doppel Paymer or Maze found a second way to persuade victims to pay the ransom for their data, despite having backup copies of the systems. This one consisted of the cyberattackers making a copy of the data so that they could use it in negotiations. In this way, if the victim refuses to pay a ransom, the confidential data stolen from the network will be made public or sold on the black market.

“The double extortion ransomware rendered the backup server useless because cybercriminals have access to sensitive information, and even if an organization can restore its network, the main problem is that the data is made public“, explained Miguel A. Juan, managing partner at S2 Grupo.

“In recent years, cybercriminals have reinvented themselves again. A new method of harm has emerged, which is triple extortion ransomware. This type of attack is based not only on seeking money from the compromised company, but also extorting money from third parties that may be affected by the disclosure of the extracted data or continuing to pressure the damaged company to pay,” said José Rosell.

“The first triple extortion ransomware took place in October 2020 when the Finnish psychotherapy clinic Vastaamo suffered the cyberattack on its servers and cybercriminals extorted their clients by threatening them with the disclosure of information on their therapy sessions,” Miguel A Juan continued.

The problem with this type of ransomware is that not only does it have a new layer of persuading third parties to achieve its goal, but cybercriminals can continue to attack the same organization. For example, if a company has successfully recovered data from backups and is not open to negotiate, attackers can launch a distributed denial-of-service attack to exert more pressure.

Experts at S2 Grupo have concluded that triple extortion ransomware is an extension of the double extortion attack by adding an additional pressure point to get its victim to pay up. In addition to data encryption (the first layer) and the threat of important data leakage (the second layer), the cybercriminal can add another tactic of their choice (the third layer). The third point of extortion can be any kind of technique that ends up getting the compromised company or a third party to pay for the data.

Thus, as technologies and attack strategies adapt and transform, modern incidents can turn into a ransomware chain that need not end, with more and more victims being extorted.

• The company S2 Grupo has warned that the elderly are one of the most vulnerable groups in the use of new technologies and that is why they are one of the targets of cybercrime.

• They should be aware of cyber-scams such as vishing, the use of strong passwords, the dangers of public Wi-Fi or the importance of not participating in chain messages, are some recommendations that can help them protect themselves from digital dangers.

Valencia, March 30, 2023.- The elderly are one of the targets of cybercriminals due to their vulnerability in the use of new technologies. As with children, their lack of inexperience or knowledge of devices and the Internet makes them an easy target.

In this context, the cybersecurity and critical systems management company S2 Grupo has highlighted that it is very important to protect our senior family members by showing them some basic recommendations that will prevent them from putting themselves at risk.

“Connected devices have become a resource of great help in the day-to-day life of the elderly, both when it comes to facilitating tasks such as when they activate devices by voice, as well as with the use of connected surveillance systems or simply to be able to be closer to their relatives through video calls, for example“, said José Rosell, managing partner of S2 Grupo.

“However, it is an environment in which they have entered abruptly many times, without really controlling its operation and that lack of knowledge means that on many occasions they are truly put at risk while using devices connected to the Internet. Cybercriminals know this and take advantage of it. That is why it is essential to protect the elderly so that they can use technology without falling into these risks“, explained Miguel A. Juan, managing partner of S2 Grupo.

Ten recommendations for cybersecurity for the elderly are:

1. It is important to protect personal information: “Many grandparents do not realize that publishing photos of their grandchildren could be a problem, for example. That is why they should know that any information that is published is in the public domain and, therefore, it is important to be careful with this“, said José Rosell.
2. Warn them to be careful with SMS and to know that many times cybercriminals use them to impersonate other entities such as the Post Office or the bank.
3. Remind them that the bank will never ask for their passwords by message or email and, if this happens, we are facing a possible cyber-scam.
4. Advise them not to participate in chain messages inviting you to forward them or telling you that if you click on the link you will participate in a contest to win important discounts or prizes. Usually, there are cybercrime actions behind them.
5. They should enter only secure web pages, which are those that use the padlock symbol and always have the letters “https” at the beginning.
6. If they use a Wi-Fi, it is better that it is only the one at home and if they use a public one, they should only use it to consult webs where they do not enter any type of personal credential because anyone can access these networks.
7. To use strong passwords (with uppercase and lowercase letters, alphanumeric characters and numbers), and not always the same one for all accounts and not write them down in a notebook that is always carried about, because it could be lost or stolen and compromise them.
8. To always install antivirus in the devices connected to the Internet.
9. Warn them about telephone scams such as the so-called “vishing”, in which a call is made to trick the person to obtain personal information such as passwords or a bank account, for example. 
10. To update the telephone or computer whenever the alert appears. It is important to tell them that this is not dangerous and is very simple. If they do not know how to do it, tell them to ask for help.

• S2 Grupo has pointed out that identity theft, physical or digital theft, or loss of work, are just some of the consequences of problems in protecting our digital identity.

• Some recommendations are to periodically search the Internet to find out what digital identity we have, not to make publications that could compromise us in the future or to correctly configure the privacy of our accounts.

Valencia, February 23, 2023.- The cybersecurity and critical systems management company S2 Grupo has warned that it is essential to protect our digital identity because it can have important consequences in our personal, work or family environment, among others.

These can range from losing a job, directly not being selected as a candidate for a job offer, being a victim of identity theft, digital and also physical theft (for example, when we report where we live and where we are at every moment, it is easy to know when no one is at home), etc.

“In this context, we need to be aware that protecting our digital identity is just as important as protecting our identity in analog life. Many people believe that a comment, a criticism or an opinion on social networks is of no consequence, but this is not so. Everything we publish is recorded and shapes who we are in the digital sphere and this can have important repercussions, perhaps not at the time, but after a few years we may regret something we publish“, said José Rosell, managing partner of S2 Grupo.

“Our digital identity is shaped by all the information we publish on the Internet, comments on social networks, registration on online pages, registration of personal data, photographs, video, when we say where we are going, with whom, etc. And everything on the Internet leaves a trace. Just because we have deleted it does not mean that it has disappeared. That is why we have to protect what trace we want to leave and how to make it safe for us“, explained Miguel A. Juan, managing partner of S2 Grupo.

Ten tips to protect our digital identity

Given the importance of this issue, S2 Grupo experts have highlighted ten recommendations that can help us protect our identity on the Internet:

1. Use strong passwords and change them periodically.

2. Modify the privacy of our profiles on social networks according to their purpose .- For example, perhaps we have a professional profile in which we only share topics related to this field and which we leave completely public. However, we can have a very private profile to share more personal or recreational issues.

3. Update apps .- This step is essential to avoid vulnerabilities in programs and applications that are exploited by cybercriminals to gain access to other people’s information.

4. Do not make compromising publications .- Everything we publish leaves a trace on the Internet. Even if we do it under a name other than our own, it is possible to find out who is behind the profile. Therefore, posting photos, videos or comments that could put us in a delicate position in the future, is something that once done we will not be able to remove even if it seems that it does not appear because we have deleted it. The first rule to protect our digital identity is not to publish anything that could harm us.

5. Don’t be part of hoaxes or fake news .- Nowadays, we share news because they are attractive to us and without checking them. When these are false, we have contributed to one of the great dangers of disinformation, which is often caused by cybercrime. This also shapes our digital personality.

6. Choose privacy options on social networks appropriately .- Decide who can see what.

7. Log out whenever we access our accounts from other people’s computers.

8. Do not post content copyrighted by others, as this could lead to legal problems.

9. Check our digital identity periodically looking for information about ourselves .- S2 Grupo recommends doing this several times a year. We can look at Google or networks, for example, to be informed about what information about us appears on a regular basis.

10. If your digital identity has been damaged, ask for help .- Notifying the authorities and/or organizations that deal with cybercrime will help us and give us the support we need to respond to complex situations such as cyberbullying, sextortion or identity theft, for example.

• Experts from S2 Grupo have highlighted that knowing the cyber risks we face as well as the tools we have to avoid them, are essential steps in raising cybersecurity awareness in society.

• Having a NAS server, a personal VPN, cybersecure wallets, USB blockers or RFDI protection systems are some of the gadgets that can increase cybersecurity in homes in a very simple way.

Valencia, February 6, 2023.- On the occasion of the celebration of the International Safe Internet Day tomorrow, Tuesday, February 7, the Valencian company S2 Grupo has highlighted the importance of cyberprotecting homes and our personal lives to avoid being victims of cybercrime.

“If we want to protect our digital life and that of our family, it is essential that we become aware of both the risks that we can find on the Internet and the tools we have today to be cyberprotected and thus be able to enjoy technology while minimizing the risks that may accompany it,” explained José Rosell, managing partner of S2 Grupo.

“Little by little, society is becoming more aware of cybersecurity. We know the risks of using public WiFis, using weak passwords or not regularly updating the systems of our devices, for example. But it is also interesting that we incorporate new tools that can help us at all ages, ranging from cybersecurity stories for children to smartphones especially designed to help the elderly,” said Miguel A. Juan, managing partner of S2 Grupo.

In this regard, experts from the company have highlighted 6 recommendations that will help improve cybersecurity in homes and in our personal lives:

1. Have a NAS storage server. – This is a private home cloud where you can store information and avoid relying on third-party services such as Google, Apple, Dropbox or Wetransfer. This type of server is easily connected to the home network and allows us to store information, manage it and share it with the users we choose.
2. Have a personal VPN. – This consists of a virtual private network, widely used in cases of teleworking, which is also very interesting for our personal security. They act as a tunnel that protects our Internet activity and prevents others from accessing our data and stealing personal information.
3. Acquire a privacy kit. – As pointed out by S2 Grupo, this type of gadget is one of the best anti-spyware shields since it has an RFDI blocking card to prevent contactless cards from being read, a USB data blocker to charge devices securely, and a webcam cover.
4. Have a cybersecure wallet. – These types of accessories usually have RFDI protection (which becomes a shield that prevents cards from being cloned, personal data from being accessed or unauthorized purchases from being made). They also have card anti-fall mechanisms, even if the wallet is turned upside down, and a pocket for Airtag, Apple’s tracking device, among other elements.
5. Reducing the digital divide with adapted smartphones. – In this regard, S2 Grupo has highlighted the usefulness of “Maximiliana”, a smartphone especially designed for the elderly, which works on its own. It was created by the engineer Jorge Terreu to be able to see his grandmother Maximiliana while he was on Erasmus in France. It is a very simple phone with which you can receive video calls and messages without having to touch anything.
6. Give away cybersecurity stories. – To raise awareness among the youngest members of the household, it is recommended to give away these types of stories that explain the problems that a child may face every time he or she has a smartphone or tablet in his or her hands in a fun and easy way through fables. Through them, they will learn to detect threats through situations in which the characters face a problem, reflect on it, ask for help and see how it is solved.

.

Patricia Berzosa – Prensa S2 Grupo – T. 658 810 015 – patricia.berzosa@ext.s2grupo.es