Ransomware has become the weapon of choice for cybercriminals and rogue governments, posing a potentially lethal threat to businesses that are victimized. Current versions of ransomware go after everything, including online backup, making even selective recovery a complex and costly exercise. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have made the headlines, displacing WannaCry, Spora, and Petya in prominence, sophistication, and destructive impact.
Most crypto-ransomware breaches are the result of innocent-looking emails that have malicious links or attachments, and a high percentage are "zero-day" strains that elude the defenses of traditional signature-matching antivirus tools. Although user education and frontline identification are critical to protect your network against ransomware, best practices dictate that you expect that some attacks will eventually succeed and that you put in place a solid backup mechanism that permits you to recover quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service centered around an online interview with a Progent cybersecurity consultant skilled in ransomware defense and recovery. During this assessment Progent will collaborate directly with your Addison IT management staff to collect critical information concerning your cybersecurity profile and backup environment. Progent will use this data to produce a Basic Security and Best Practices Assessment documenting how to follow best practices for implementing and administering your security and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The report addresses:
- Proper use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall settings
- Secure RDP configuration
- Advice about AntiVirus (AV) tools identification and configuration
The online interview process for the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small company and longer for bigger or more complicated IT environments. The report document features recommendations for improving your ability to block or clean up after a ransomware attack and Progent offers on-demand consulting services to assist you and your IT staff to create an efficient cybersecurity/data backup system customized for your specific requirements.
- Split permission model for backup protection
- Backing up key servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the target is required to pay a specified ransom, usually in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will recover the damaged files or avoid its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A typical ransomware attack vector is spoofed email, whereby the target is lured into responding to by a social engineering technique known as spear phishing. This makes the email message to look as though it came from a trusted source. Another popular attack vector is an improperly secured RDP port.
CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks are WannaCry, and Petya. Recent headline variants like Ryuk, Sodinokibi and TeslaCrypt are more elaborate and have caused more havoc than older strains. Even if your backup procedures allow your business to recover your encrypted data, you can still be threatened by exfiltration, where ransomed data are made public. Because additional versions of ransomware crop up daily, there is no guarantee that conventional signature-matching anti-virus tools will detect a new malware. If threat does show up in an email, it is critical that your users have been taught to be aware of social engineering techniques. Your last line of protection is a sound process for performing and retaining offsite backups and the deployment of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Audit in Addison
For pricing details and to find out more about how Progent's ProSight Ransomware Vulnerability Assessment can enhance your defense against ransomware in Addison, phone Progent at 800-462-8800 or visit Contact Progent.