Ransomware has been weaponized by cyber extortionists and malicious governments, representing a possibly lethal risk to companies that fall victim. The latest versions of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a challenging and costly process. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Nephilim have emerged, replacing WannaCry, Spora, and CryptoWall in prominence, sophistication, and destructive impact.
90% of ransomware infections are caused by innocent-seeming emails that include dangerous hyperlinks or file attachments, and a high percentage are "zero-day" variants that elude the defenses of legacy signature-based antivirus filters. Although user education and frontline detection are critical to defend against ransomware attacks, leading practices dictate that you expect that some attacks will eventually succeed and that you put in place a strong backup mechanism that enables you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Report is a low-cost service built around a remote discussion with a Progent cybersecurity consultant skilled in ransomware protection and recovery. During this assessment Progent will cooperate directly with your Adelaide network managers to collect critical data concerning your security configuration and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Report detailing how to follow best practices for implementing and managing your security and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to ransomware prevention and restoration recovery. The report addresses:
- Proper use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Proper firewall settings
- Secure RDP access
- Guidance for AntiVirus (AV) filtering identification and deployment
The remote interview for the ProSight Ransomware Preparedness Checkup service lasts about an hour for the average small business network and requires more time for bigger or more complex environments. The written report contains recommendations for improving your ability to ward off or recover from a ransomware assault and Progent can provide on-demand expertise to help you and your IT staff to create an efficient cybersecurity/backup solution tailored to your specific requirements.
- Split permission model for backup integrity
- Backing up critical servers such as AD
- Offsite backups including cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To prevent the carnage, the victim is asked to send a certain amount of money (the ransom), typically in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will recover the damaged data or avoid its exposure to the public. Files can be encrypted or erased across a network based on the target's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, in which the victim is lured into interacting with by a social engineering exploit called spear phishing. This causes the email to appear to come from a familiar source. Another common attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of ransomware in 2013, and the damage attributed to by the many strains of ransomware is estimated at billions of dollars annually, roughly doubling every two years. Notorious attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, Maze and Cerber are more sophisticated and have caused more havoc than earlier strains. Even if your backup processes permit you to restore your ransomed files, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched every day, there is no certainty that traditional signature-based anti-virus tools will detect the latest malware. If an attack does show up in an email, it is important that your end users have learned to identify social engineering tricks. Your last line of protection is a sound scheme for performing and retaining offsite backups plus the use of reliable recovery tools.
Ask Progent About the ProSight Ransomware Vulnerability Assessment in Adelaide
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Checkup can bolster your protection against ransomware in Adelaide, call Progent at 800-993-9400 or see Contact Progent.