Practical Advice for avoiding Cyber Extortion

By – Luis Corrons, Director of PandaLabs

In recent years, the massive growth in cyberattacks has led to companies having to devote more time and resources to combatting the problem, now cyber extortion has become the major threat, with high-profile Ransomware attacks being reported on a daily basis.

“We have seen that during 2015 the number of security breaches in businesses is growing, they have become a clear and profitable target for cybercriminal gangs.”

For relatively little effort and technical know-how a hacker can target an organization using an off-the-shelf Ransomware variant and lock-down vital company data or deny operations – The attacker then demands a ransom (often payable by Bitcoin) in order to restore the system.

By pitching a ‘Goldilocks’ level of ransom the hackers maximize the number of organizations, without suitable disaster recovery plans (Backups), who consider it a cost effective risk to pay up. Although payment doesn’t always guarantee that the company will be able to retrieve their files, or that they won’t become a victim again in the future.

In order to stop an organization becoming a victim of cyber extortion a combination of security technology, company policy and training are the most important factors to avoid attack by cybercriminals.

This is why Panda Security has launched its Practical Security Guide to Prevent Cyber Extortion, in which gives advice on avoiding cyber extortion:

Advise your users: keep them up to date with good practice, current security risks and ‘con’-techniques
Set out rules for Internet use at work: assign a series of rules that control the reputation of websites that access is granted to.

Implement a security solution for your needs: make sure you have the right solution for your business according to your infrastructure and requirements.

Establish protocols: control installation and running of software. Also check which applications have been installed on a regular basis.

Always update: set out an update policy and block certain applications on your computers.

The tips above will help reduce the risk of attack and having a reliable ‘off-network’ back-up solution is indispensable in the event of a successful Ransomware attack.

How can you really protect your company?

“It is time for a change of mentality and applying a new approach, Endpoint Detection and Response (EDR) solutions are becoming a must for companies that want to be ready for current and emerging threats.”

Panda Adaptive Defense 360 is the first solution that guarantees to completely protect computers and servers, thanks to continuously monitoring 100% of the processes, allowing only legitimate programs to run.

“As a CISO, having the ability to know what processes are running in each endpoint / server, if their behavior is proper, with forensic capabilities in case a breach happens… is a game changer. It will give you the knowledge and facts to act fast and prevent / mitigate new threats in your organization.”

Adaptive Defense 360 includes its own security event management and storage system for real-time forensic analysis of all applications and processes run on your systems.

This and more information on how Panda Adaptive Defense 360 can help protect IT networks against all forms of cyberattack is available at