Ransomware has become the weapon of choice for the major cyber-crime organizations and bad-actor states, representing a possibly existential risk to businesses that fall victim. The latest strains of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a complex and costly process. New versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have emerged, displacing Locky, Cerber, and CryptoWall in prominence, elaborateness, and destructiveness.
Most ransomware breaches are caused by innocuous-seeming emails that have malicious hyperlinks or file attachments, and a high percentage are "zero-day" variants that elude detection by legacy signature-matching antivirus (AV) tools. Although user education and up-front identification are important to protect against ransomware, leading practices dictate that you assume some malware will eventually get through and that you deploy a strong backup mechanism that enables you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around a remote interview with a Progent security consultant experienced in ransomware protection and repair. In the course of this interview Progent will collaborate directly with your Allen network management staff to gather critical data concerning your cybersecurity profile and backup processes. Progent will use this information to create a Basic Security and Best Practices Assessment documenting how to apply leading practices for implementing and managing your cybersecurity and backup systems to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital areas associated with crypto-ransomware defense and restoration recovery. The report covers:
- Proper allocation and use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Safe RDP configuration
- Advice about AntiVirus (AV) tools selection and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service takes about one hour for a typical small business and longer for bigger or more complicated environments. The report document includes suggestions for enhancing your ability to block or clean up after a ransomware attack and Progent offers as-needed expertise to help you to design and deploy a cost-effective cybersecurity/data backup system tailored to your business requirements.
- Split permission model for backup protection
- Protecting key servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware sometimes locks the victim's computer. To avoid the damage, the victim is required to pay a certain amount of money, usually via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will recover the damaged files or prevent its exposure to the public. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A common ransomware attack vector is spoofed email, in which the target is tricked into interacting with by means of a social engineering technique known as spear phishing. This causes the email to appear to come from a familiar sender. Another common attack vector is a poorly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by different strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Notorious attacks are WannaCry, and Petya. Recent headline threats like Ryuk, Sodinokibi and Cerber are more sophisticated and have caused more havoc than earlier strains. Even if your backup processes allow you to restore your ransomed files, you can still be hurt by exfiltration, where ransomed documents are made public. Because additional variants of ransomware are launched every day, there is no certainty that traditional signature-matching anti-virus filters will detect the latest attack. If threat does appear in an email, it is critical that your end users have learned to be aware of phishing tricks. Your ultimate protection is a sound scheme for performing and keeping offsite backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Assessment in Allen
For pricing information and to find out more about how Progent's ProSight Ransomware Susceptibility Evaluation can bolster your protection against ransomware in Allen, call Progent at 800-462-8800 or see Contact Progent.