Ransomware has been widely adopted by cybercriminals and malicious governments, representing a possibly lethal risk to businesses that fall victim. Modern versions of ransomware go after everything, including online backup, making even selective restoration a long and expensive process. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have made the headlines, replacing Locky, TeslaCrypt, and Petya in prominence, elaborateness, and destructive impact.
Most crypto-ransomware breaches come from innocuous-seeming emails with malicious hyperlinks or attachments, and many are "zero-day" strains that elude the defenses of traditional signature-based antivirus filters. Although user education and frontline identification are important to defend your network against ransomware, best practices demand that you take for granted some malware will eventually get through and that you put in place a solid backup solution that allows you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote interview with a Progent security consultant experienced in ransomware defense and recovery. In the course of this interview Progent will collaborate directly with your Albany network managers to gather critical data concerning your security profile and backup processes. Progent will use this information to produce a Basic Security and Best Practices Report documenting how to adhere to leading practices for implementing and administering your security and backup systems to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital areas related to crypto-ransomware prevention and restoration recovery. The review addresses:
- Correct use of administration accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Optimal firewall configuration
- Safe Remote Desktop Protocol access
- Guidance for AntiVirus (AV) tools selection and configuration
The online interview included with the ProSight Ransomware Vulnerability Report service lasts about an hour for a typical small company and requires more time for larger or more complicated IT environments. The written report contains suggestions for enhancing your ability to ward off or clean up after a ransomware attack and Progent offers as-needed expertise to help you and your IT staff to design and deploy a cost-effective cybersecurity/data backup system tailored to your specific needs.
- Split permission model for backup protection
- Backing up critical servers such as AD
- Geographically dispersed backups including cloud backup to Microsoft Azure
Ransomware is a type of malicious software that encrypts or steals files so they cannot be used or are publicized. Ransomware often locks the target's computer. To prevent the damage, the victim is required to send a certain amount of money (the ransom), usually in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that delivering the extortion price will restore the damaged data or prevent its exposure to the public. Files can be altered or deleted throughout a network depending on the victim's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the hostage files. A common ransomware delivery package is booby-trapped email, whereby the target is tricked into interacting with by a social engineering exploit called spear phishing. This causes the email message to appear to come from a trusted sender. Another popular attack vector is an improperly protected RDP port.
The ransomware variant CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Famous attacks are Locky, and Petya. Current headline variants like Ryuk, Sodinokibi and Cerber are more complex and have wreaked more havoc than earlier strains. Even if your backup/recovery processes permit your business to recover your encrypted files, you can still be threatened by exfiltration, where ransomed data are exposed to the public. Because new versions of ransomware are launched daily, there is no guarantee that traditional signature-matching anti-virus filters will detect the latest attack. If threat does appear in an email, it is important that your users have learned to identify phishing techniques. Your last line of protection is a sound process for scheduling and keeping remote backups plus the use of reliable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Readiness Testing in Albany
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Audit can enhance your protection against crypto-ransomware in Albany, call Progent at 800-993-9400 or see Contact Progent.