Ransomware has been weaponized by the major cyber-crime organizations and malicious states, posing a possibly lethal risk to businesses that are breached. The latest variations of crypto-ransomware go after all vulnerable resources, including backups, making even partial restoration a complex and expensive process. New versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Egregor have made the headlines, replacing Locky, Cerber, and NotPetya in notoriety, sophistication, and destructiveness.
Most ransomware penetrations are the result of innocent-seeming emails with dangerous hyperlinks or file attachments, and a high percentage are "zero-day" attacks that can escape detection by traditional signature-matching antivirus (AV) tools. Although user training and frontline identification are critical to defend against ransomware attacks, best practices dictate that you assume some malware will eventually get through and that you prepare a solid backup mechanism that enables you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service centered around a remote interview with a Progent security consultant skilled in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Addison IT managers to gather pertinent data concerning your security posture and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Report documenting how to follow leading practices for configuring and managing your security and backup solution to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas related to crypto-ransomware defense and recovery. The review addresses:
- Correct use of administration accounts
- Correct NTFS and SMB authorizations
- Optimal firewall setup
- Safe Remote Desktop Protocol access
- Advice on identifying and deploying antivirus (AV) tools
- Split permission model for backup protection
- Backing up key servers such as AD
- Offsite backups including cloud backup to Azure

The remote interview process for the ProSight Ransomware Preparedness Assessment service lasts about one hour for the average small business network and longer for bigger or more complex environments. The report document includes recommendations for enhancing your ability to block or clean up after a ransomware assault, and Progent offers as-needed expertise to assist you and your IT staff in creating an efficient cybersecurity/data backup system tailored to your specific requirements.
Ransomware is a variety of malware that encrypts or steals files so they are unusable or are made publicly available. Ransomware sometimes locks the target's computer. To prevent the carnage, the target is asked to pay a specified ransom, usually in the form of a cryptocurrency such as Bitcoin, within a brief time window. It is not guaranteed that paying the extortion price will recover the lost files or avoid their exposure to the public. Files can be encrypted or deleted throughout a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A common ransomware attack vector is booby-trapped email, which the user is lured into interacting with by means of a social engineering technique called spear phishing. This makes the email message appear to come from a familiar sender. Another common vulnerability is an improperly secured Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage attributed to different versions of ransomware is said to be billions of dollars per year, more than doubling every two years. Famous examples are Locky and NotPetya. Recent headline variants like Ryuk, Sodinokibi and Spora are more sophisticated and have wreaked more damage than older versions. Even if your backup/recovery processes allow your business to recover your ransomed files, you can still be threatened by exfiltration, where ransomed data are exposed to the public. Because new versions of ransomware crop up daily, there is no guarantee that traditional signature-matching antivirus tools will block new malware. If an attack does appear in an email, it is critical that your end users have learned to identify social engineering techniques. Your last line of protection is a solid scheme for scheduling and keeping offsite backups plus the use of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Susceptibility Report in Addison
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Audit can enhance your protection against ransomware in Addison, phone Progent at 800-462-8800 or see Contact Progent.