Ransomware has been widely adopted by cybercriminals and bad-actor governments, representing a possibly lethal risk to companies that are successfully attacked. The latest strains of ransomware target all vulnerable resources, including backup, making even selective recovery a long and costly exercise. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Conti and Nephilim have made the headlines, replacing WannaCry, Spora, and Petya in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware breaches come from innocuous-looking emails that include dangerous hyperlinks or attachments, and a high percentage are so-called "zero-day" strains that can escape the defenses of legacy signature-matching antivirus (AV) filters. While user training and up-front detection are important to protect against ransomware attacks, best practices demand that you assume some attacks will eventually succeed and that you deploy a strong backup solution that enables you to repair the damage rapidly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around a remote interview with a Progent security consultant experienced in ransomware defense and repair. In the course of this interview Progent will collaborate directly with your Albuquerque network management staff to gather critical information about your security configuration and backup processes. Progent will use this data to produce a Basic Security and Best Practices Report detailing how to follow best practices for configuring and managing your security and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key areas related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Correct allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Optimal firewall configuration
- Safe RDP configuration
- Recommend AntiVirus filtering identification and configuration
The remote interview for the ProSight Ransomware Preparedness Report service lasts about an hour for a typical small business and requires more time for bigger or more complicated IT environments. The report document features recommendations for improving your ability to block or clean up after a ransomware incident and Progent can provide on-demand expertise to assist you and your IT staff to create an efficient cybersecurity/backup solution tailored to your specific needs.
- Split permission architecture for backup protection
- Protecting key servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the victim is required to pay a certain ransom, typically in the form of a crypto currency like Bitcoin, within a brief time window. It is not guaranteed that delivering the extortion price will recover the damaged data or prevent its exposure to the public. Files can be encrypted or deleted across a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the hostage files. A common ransomware attack vector is spoofed email, whereby the victim is lured into interacting with by a social engineering exploit called spear phishing. This causes the email message to appear to come from a trusted source. Another common attack vector is a poorly protected RDP port.
CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious attacks are Locky, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more havoc than earlier strains. Even if your backup/recovery procedures permit your business to recover your encrypted files, you can still be threatened by exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because new variants of ransomware crop up every day, there is no guarantee that conventional signature-matching anti-virus filters will block the latest attack. If threat does appear in an email, it is critical that your users have learned to identify phishing tricks. Your last line of defense is a solid process for scheduling and retaining offsite backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Vulnerability Audit in Albuquerque
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Report can bolster your defense against crypto-ransomware in Albuquerque, call Progent at 800-462-8800 or visit Contact Progent.