In order to stop an organization becoming a victim of cyber extortion a combination of security technology, company policy and training are the most important factors to avoid attack by cybercriminals.
This is why Panda Security has launched its Practical Security Guide to Prevent Cyber Extortion, in which it highlights that European organizations suffer the highest number of sensitive data thefts.
Cyberextortion: a limitless threat
In recent years, the massive growth in cyberattacks has led to companies devoting more time and resources to combatting the problem, and finding a security solution that guarantees greater control of their files.
The majority of attacks that use this type of extortion have different origins: 39% come from insecure or fraudulent websites, 23% from programs downloaded from the Internet, and 19% come from infected emails or attached documents.
One of the most prevalent forms of cyberextortion is Ransomware, which starts with the cybercriminals installing a Trojan program whose purpose is encrypting vital company information. The victim is then advised their information is lost and decryption will only be provided after payment of a ransom (normally by Bitcoin). Although payment doesn’t always guarantee that the company will be able to retrieve their files, or that they won’t become a victim again in the future.
Type of malware: How do they affect the companies?
Businesses are considered the main target of this type of malware, as its aim is to cause as much damage as possible:
- Ransomware, the most common are Cryptolocker, Cryptowall, and CoinVault, which target the integrity of the file stored on the PC
- APT (Advanced Persistent Threat) is a system that manages and controls the security of the computer from inside
- Exploit takes advantage of a security flaw in communication protocols between computers
- Phishing, creates a false URL to steal bank details and identity
- Trojan, installs different applications that allow hackers to control the computer
- Worm, is able to infect all computers
Panda Security’s 5 tips for avoiding cyberextortion
- Advise your users: keep them up to date with the risks that are associated with not having a good security solution
- Set out rules for online use at work: assign a series of rules that control the reputation of websites that access is granted to.
- Design a solution to your needs: make sure you have the right solution for your business, and keep it updated.
- Establish protocols: control installation and running of software. Also, examine what applications have been installed periodically.
- Always update: set out an update policy and block certain applications on your computers.
2 comments
Great article on Cyberextortion!
I was curious to read more on what the Cyberextortion guide had to say, however the link above isn’t available for the Cyberextortion_Guide.pdf. I would love to share this with some of our clients.
Hello Carlos,
Please try with the following link: http://resources.pandasecurity.com/enterprise/documentation/AD360/Cyberextortion_Guide-en.pdf?_ga=2.206902995.1714682081.1514879091-425655867.1481617193
Thanks!
Kind Regards,
Panda Security.