Ransomware has been weaponized by the major cyber-crime organizations and malicious states, representing a possibly existential risk to companies that are victimized. Modern versions of crypto-ransomware target all vulnerable resources, including backup, making even selective recovery a challenging and costly exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing WannaCry, Cerber, and NotPetya in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware infections are caused by innocent-looking emails that have dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" strains that can escape the defenses of legacy signature-matching antivirus tools. Although user training and frontline detection are critical to protect against ransomware attacks, leading practices demand that you assume some attacks will inevitably succeed and that you implement a solid backup solution that permits you to restore files and services quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around an online discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. During this interview Progent will collaborate with your Alexandria IT managers to collect pertinent information concerning your cybersecurity posture and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to adhere to best practices for implementing and managing your cybersecurity and backup solution to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key areas related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Effective allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus tools selection and deployment
The remote interview included with the ProSight Ransomware Preparedness Report service lasts about an hour for the average small company and requires more time for larger or more complicated IT environments. The written report contains recommendations for improving your ability to block or clean up after a ransomware assault and Progent offers as-needed consulting services to assist you and your IT staff to create a cost-effective cybersecurity/backup system tailored to your business needs.
- Split permission architecture for backup protection
- Protecting required servers including AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or deletes files so they are unusable or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the victim is required to send a specified ransom, usually in the form of a crypto currency such as Bitcoin, within a brief time window. It is never certain that delivering the extortion price will restore the lost files or prevent its publication. Files can be altered or erased throughout a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A typical ransomware delivery package is booby-trapped email, whereby the user is lured into responding to by a social engineering exploit called spear phishing. This makes the email to appear to come from a trusted sender. Another popular attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks include Locky, and NotPetya. Recent headline threats like Ryuk, DoppelPaymer and Spora are more complex and have wreaked more havoc than earlier versions. Even if your backup/recovery processes permit your business to recover your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public. Because new variants of ransomware are launched every day, there is no guarantee that conventional signature-matching anti-virus tools will block a new malware. If an attack does appear in an email, it is critical that your users have learned to identify social engineering techniques. Your last line of defense is a solid process for scheduling and keeping offsite backups plus the use of dependable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Readiness Evaluation in Alexandria
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Assessment can enhance your defense against ransomware in Alexandria, call Progent at 800-462-8800 or visit Contact Progent.