Ransomware has become the weapon of choice for the major cyber-crime organizations and rogue governments, posing a possibly existential threat to companies that are victimized. Current strains of crypto-ransomware go after everything, including online backup, making even selective restoration a long and expensive process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, sophistication, and destructiveness.
Most ransomware breaches come from innocent-looking emails with dangerous links or attachments, and many are so-called "zero-day" variants that can escape detection by traditional signature-based antivirus filters. Although user education and frontline detection are important to protect against ransomware attacks, best practices demand that you assume some attacks will eventually get through and that you put in place a strong backup mechanism that allows you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote discussion with a Progent cybersecurity expert experienced in ransomware defense and recovery. During this assessment Progent will work directly with your Adelaide network managers to collect pertinent data about your security posture and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment documenting how to apply best practices for configuring and managing your security and backup solution to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report highlights key areas related to ransomware defense and restoration recovery. The review covers:
- Effective use of admin accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Optimal firewall configuration
- Safe Remote Desktop Protocol configuration
- Recommend AntiVirus (AV) tools identification and configuration
The online interview included with the ProSight Ransomware Vulnerability Checkup service lasts about an hour for a typical small business and longer for larger or more complicated IT environments. The written report includes suggestions for enhancing your ability to block or clean up after a ransomware assault and Progent offers on-demand consulting services to assist you and your IT staff to design and deploy an efficient security/backup solution tailored to your business requirements.
- Split permission model for backup protection
- Protecting key servers such as AD
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is asked to pay a certain amount of money (the ransom), usually via a crypto currency like Bitcoin, within a short period of time. It is not guaranteed that delivering the extortion price will recover the damaged files or avoid its exposure to the public. Files can be altered or erased throughout a network based on the target's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery package is booby-trapped email, whereby the target is tricked into responding to by a social engineering technique known as spear phishing. This causes the email message to appear to come from a trusted source. Another popular vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to by different versions of ransomware is estimated at billions of dollars per year, more than doubling every other year. Notorious attacks are Locky, and Petya. Current high-profile variants like Ryuk, Maze and Spora are more elaborate and have wreaked more damage than earlier strains. Even if your backup/recovery processes permit you to restore your ransomed data, you can still be hurt by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus filters will block a new attack. If an attack does appear in an email, it is important that your end users have learned to identify phishing tricks. Your last line of protection is a sound scheme for performing and retaining offsite backups and the deployment of dependable recovery platforms.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Report in Adelaide
For pricing information and to find out more about how Progent's ProSight Ransomware Susceptibility Evaluation can enhance your defense against ransomware in Adelaide, call Progent at 800-462-8800 or visit Contact Progent.