Ransomware has been widely adopted by cyber extortionists and bad-actor states, representing a possibly lethal risk to companies that fall victim. Current variations of crypto-ransomware go after everything, including backup, making even selective recovery a complex and costly exercise. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Nephilim have made the headlines, displacing WannaCry, Spora, and Petya in notoriety, sophistication, and destructive impact.
90% of crypto-ransomware breaches are caused by innocent-seeming emails with dangerous hyperlinks or file attachments, and a high percentage are "zero-day" variants that elude detection by traditional signature-matching antivirus (AV) tools. While user education and frontline identification are important to defend your network against ransomware, best practices demand that you assume some attacks will inevitably succeed and that you deploy a solid backup solution that allows you to repair the damage rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service centered around an online interview with a Progent cybersecurity consultant skilled in ransomware protection and recovery. During this interview Progent will collaborate with your Akron IT management staff to collect critical data concerning your security posture and backup environment. Progent will use this data to generate a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and administering your security and backup solution to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key areas related to ransomware defense and restoration recovery. The report addresses:
- Effective use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol configuration
- Advice about AntiVirus (AV) tools selection and deployment
The online interview process included with the ProSight Ransomware Vulnerability Checkup service takes about an hour for a typical small business and requires more time for larger or more complex IT environments. The written report contains suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent offers on-demand expertise to assist you to design and deploy a cost-effective security/data backup system customized for your specific requirements.
- Split permission architecture for backup integrity
- Protecting key servers including AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or deletes files so they cannot be used or are publicized. Ransomware sometimes locks the target's computer. To avoid the damage, the target is asked to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a short period of time. It is never certain that paying the extortion price will recover the damaged data or avoid its exposure to the public. Files can be altered or erased across a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A common ransomware delivery package is spoofed email, in which the target is tricked into responding to by means of a social engineering technique called spear phishing. This causes the email to appear to come from a trusted sender. Another popular vulnerability is an improperly protected RDP port.
CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is estimated at billions of dollars annually, more than doubling every two years. Notorious attacks are Locky, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and TeslaCrypt are more complex and have caused more havoc than older strains. Even if your backup/recovery processes permit your business to restore your encrypted data, you can still be threatened by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because new versions of ransomware are launched every day, there is no guarantee that conventional signature-based anti-virus tools will block the latest malware. If an attack does appear in an email, it is important that your users have learned to identify social engineering tricks. Your last line of defense is a sound scheme for performing and keeping offsite backups and the use of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Review in Akron
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Review can enhance your defense against crypto-ransomware in Akron, phone Progent at 800-462-8800 or see Contact Progent.