Ransomware has become the weapon of choice for cybercriminals and bad-actor states, representing a possibly lethal risk to businesses that fall victim. The latest versions of ransomware target all vulnerable resources, including backup, making even partial restoration a complex and expensive exercise. New variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Lockbit and Nephilim have made the headlines, replacing Locky, Spora, and NotPetya in notoriety, sophistication, and destructiveness.
90% of ransomware breaches come from innocuous-seeming emails that include malicious hyperlinks or attachments, and many are "zero-day" variants that can escape the defenses of legacy signature-matching antivirus (AV) filters. Although user education and frontline detection are critical to defend against ransomware, leading practices dictate that you take for granted some malware will inevitably succeed and that you implement a strong backup mechanism that enables you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service built around a remote discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. During this interview Progent will work with your Akron network managers to gather pertinent information concerning your security configuration and backup environment. Progent will utilize this information to produce a Basic Security and Best Practices Report detailing how to apply best practices for implementing and administering your security and backup systems to prevent or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital areas associated with ransomware defense and restoration recovery. The report addresses:
- Effective allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Secure RDP connections
- Recommend AntiVirus (AV) filtering selection and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service lasts about one hour for the average small business network and longer for bigger or more complex IT environments. The written report features suggestions for enhancing your ability to block or clean up after a ransomware incident and Progent offers as-needed consulting services to help your business to create an efficient cybersecurity/data backup system customized for your business needs.
- Split permission architecture for backup protection
- Protecting key servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the target is asked to pay a certain amount of money, typically via a crypto currency such as Bitcoin, within a brief time window. It is never certain that delivering the ransom will recover the lost files or avoid its exposure to the public. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A common ransomware attack vector is booby-trapped email, whereby the user is lured into interacting with by means of a social engineering exploit known as spear phishing. This makes the email message to look as though it came from a familiar sender. Another popular attack vector is a poorly secured Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses attributed to by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every other year. Famous attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have wreaked more havoc than older strains. Even if your backup processes permit your business to restore your encrypted data, you can still be threatened by exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because additional variants of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus tools will block the latest malware. If threat does appear in an email, it is important that your end users have been taught to identify phishing techniques. Your last line of defense is a sound scheme for scheduling and retaining remote backups plus the use of dependable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Consultation in Akron
For pricing details and to find out more about how Progent's ProSight Ransomware Readiness Consultation can enhance your defense against crypto-ransomware in Akron, phone Progent at 800-993-9400 or visit Contact Progent.