Ransomware has been widely adopted by cyber extortionists and rogue states, posing a potentially existential threat to businesses that fall victim. Modern versions of ransomware target everything, including backups, making even selective recovery a complex and costly exercise. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Egregor have made the headlines, replacing Locky, Spora, and CryptoWall in notoriety, elaborateness, and destructive impact.
Most ransomware breaches are the result of innocent-seeming emails with malicious links or file attachments, and many are so-called "zero-day" attacks that elude the defenses of traditional signature-matching antivirus (AV) filters. While user training and up-front identification are important to defend your network against ransomware, leading practices dictate that you expect some malware to get through inevitably and that you put in place a solid backup solution that allows you to recover quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service centered around a remote discussion with a Progent security expert experienced in ransomware protection and recovery. In the course of this assessment Progent will cooperate directly with your Addison IT management staff to gather pertinent information concerning your security posture and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for configuring and managing your cybersecurity and backup systems to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues associated with ransomware defense and recovery. The review addresses:
- Proper allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB permissions
- Proper firewall configuration
- Safe RDP access
- Guidance for AntiVirus (AV) filtering identification and deployment
- Split permission architecture for backup protection
- Backing up required servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
The online interview included with the ProSight Ransomware Preparedness Checkup service takes about one hour for a typical small business and longer for larger or more complex environments. The written report contains suggestions for enhancing your ability to block or clean up after a ransomware assault, and Progent can provide as-needed expertise to help you create an efficient security and data backup system customized for your business requirements.
Ransomware is a type of malicious software that encrypts or deletes a victim's files so they cannot be used, or publicizes them. Crypto-ransomware often locks the victim's computer. To prevent the damage, the victim is asked to send a specified ransom, typically in the form of a cryptocurrency like Bitcoin, within a short period of time. It is not guaranteed that paying the ransom will restore the lost data or prevent its exposure to the public. Files can be altered or deleted across a network based on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is spoofed email, whereby the victim is tricked into interacting with the message by a social engineering technique known as spear phishing. This causes the email message to look as though it came from a familiar sender. Another popular attack vector is a poorly secured Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage attributed to the many versions of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous attacks include Locky and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more elaborate and have wreaked more havoc than earlier strains. Even if your backup processes allow your business to recover your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no certainty that conventional signature-matching antivirus tools will detect the latest malware. If an attack does show up in an email, it is important that your users have been taught to be aware of social engineering techniques. Your ultimate defense is a sound process for performing and retaining remote backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Consultation in Addison
For pricing details and to find out more about how Progent's ProSight Ransomware Susceptibility Review can enhance your defense against crypto-ransomware in Addison, phone Progent at 800-462-8800 or see Contact Progent.