Ransomware has been weaponized by cybercriminals and rogue states, posing a potentially existential threat to companies that fall victim. Current strains of crypto-ransomware target everything, including backup, making even partial recovery a long and costly exercise. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Egregor have emerged, replacing WannaCry, TeslaCrypt, and CryptoWall in notoriety, sophistication, and destructive impact.
90% of ransomware penetrations come from innocuous-seeming emails that include malicious hyperlinks or file attachments, and a high percentage are "zero-day" variants that can escape detection by traditional signature-based antivirus (AV) tools. Although user training and frontline detection are critical to protect your network against ransomware, leading practices demand that you expect that some malware will inevitably get through and that you implement a solid backup mechanism that permits you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around a remote discussion with a Progent cybersecurity expert experienced in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Akron network management staff to collect critical data concerning your security setup and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report documenting how to adhere to leading practices for implementing and administering your cybersecurity and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to crypto-ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Proper firewall settings
- Secure RDP configuration
- Advice about AntiVirus filtering selection and configuration
The remote interview process included with the ProSight Ransomware Preparedness Assessment service takes about one hour for a typical small business and longer for larger or more complicated environments. The report document includes suggestions for improving your ability to block or clean up after a ransomware incident and Progent offers as-needed expertise to assist your business to create a cost-effective security/backup solution customized for your specific requirements.
- Split permission architecture for backup protection
- Backing up key servers including AD
- Offsite backups including cloud backup to Azure
Ransomware is a type of malicious software that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is required to send a specified ransom, usually via a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the extortion price will restore the damaged files or prevent its exposure to the public. Files can be altered or erased across a network based on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the hostage files. A typical ransomware attack vector is spoofed email, whereby the user is tricked into interacting with by a social engineering exploit called spear phishing. This causes the email to appear to come from a familiar sender. Another popular attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by the many versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious examples are WannaCry, and NotPetya. Current headline threats like Ryuk, Sodinokibi and Spora are more elaborate and have wreaked more havoc than older strains. Even if your backup/recovery processes allow you to restore your encrypted data, you can still be threatened by exfiltration, where ransomed documents are made public. Because additional versions of ransomware crop up every day, there is no guarantee that conventional signature-matching anti-virus filters will detect a new malware. If threat does show up in an email, it is important that your users have been taught to identify social engineering techniques. Your last line of defense is a sound process for scheduling and keeping offsite backups plus the use of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Akron
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Assessment can enhance your protection against ransomware in Akron, phone Progent at 800-462-8800 or see Contact Progent.