Ransomware has become the weapon of choice for cybercriminals and bad-actor states, representing a potentially lethal risk to businesses that are victimized. Current strains of ransomware target everything, including backup, making even partial restoration a challenging and costly exercise. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Lockbit and Nephilim have emerged, displacing Locky, Spora, and CryptoWall in notoriety, sophistication, and destructive impact.
90% of ransomware breaches come from innocent-looking emails that have malicious hyperlinks or attachments, and many are so-called "zero-day" attacks that can escape detection by legacy signature-matching antivirus (AV) filters. While user education and up-front detection are critical to defend your network against ransomware attacks, leading practices dictate that you take for granted some malware will eventually succeed and that you put in place a strong backup mechanism that enables you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around a remote discussion with a Progent cybersecurity consultant experienced in ransomware defense and recovery. During this assessment Progent will work directly with your Addison IT management staff to collect pertinent information concerning your security configuration and backup environment. Progent will use this information to create a Basic Security and Best Practices Report detailing how to apply leading practices for implementing and managing your security and backup solution to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Correct use of admin accounts
- Assigning NTFS and SMB (Server Message Block) authorizations
- Proper firewall settings
- Secure RDP access
- Guidance for AntiVirus (AV) filtering selection and configuration
The remote interview for the ProSight Ransomware Preparedness Assessment service lasts about one hour for the average small business network and longer for bigger or more complex IT environments. The written report includes recommendations for enhancing your ability to block or clean up after a ransomware incident and Progent can provide as-needed expertise to help you and your IT staff to design and deploy an efficient security/data backup solution customized for your specific needs.
- Split permission model for backup protection
- Backing up required servers such as AD
- Offsite backups with cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or deletes a victim's files so they cannot be used or are publicized. Crypto-ransomware often locks the target's computer. To avoid the damage, the victim is required to send a certain amount of money (the ransom), usually via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will recover the lost data or avoid its publication. Files can be encrypted or erased throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the target is tricked into responding to by a social engineering technique known as spear phishing. This makes the email message to appear to come from a familiar sender. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars per year, more than doubling every two years. Notorious attacks are WannaCry, and Petya. Recent headline threats like Ryuk, DoppelPaymer and CryptoWall are more complex and have wreaked more damage than older strains. Even if your backup/recovery procedures allow you to restore your encrypted files, you can still be threatened by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up every day, there is no certainty that traditional signature-based anti-virus tools will detect the latest malware. If an attack does appear in an email, it is important that your end users have learned to be aware of phishing techniques. Your last line of protection is a sound scheme for scheduling and keeping offsite backups plus the use of dependable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Preparedness Testing in Addison
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Assessment can enhance your defense against ransomware in Addison, phone Progent at 800-993-9400 or visit Contact Progent.