Ransomware has been weaponized by cybercriminals and bad-actor states, representing a possibly lethal risk to businesses that are breached. Current variations of crypto-ransomware go after everything, including online backup, making even partial restoration a long and expensive process. New variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Snatch and Nephilim have emerged, displacing Locky, TeslaCrypt, and Petya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware penetrations are the result of innocent-looking emails with dangerous links or file attachments, and many are so-called "zero-day" variants that elude the defenses of traditional signature-matching antivirus filters. While user training and frontline detection are critical to defend your network against ransomware attacks, leading practices dictate that you assume some attacks will inevitably get through and that you implement a strong backup mechanism that allows you to recover rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around a remote discussion with a Progent security expert experienced in ransomware defense and repair. In the course of this assessment Progent will work directly with your Allen IT managers to gather critical data about your security profile and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Report documenting how to apply leading practices for implementing and managing your cybersecurity and backup systems to block or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report highlights vital issues associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Effective allocation and use of admin accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Proper firewall setup
- Safe RDP connections
- Guidance for AntiVirus tools identification and configuration
The remote interview for the ProSight Ransomware Vulnerability Report service lasts about one hour for a typical small business and requires more time for bigger or more complex environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware attack and Progent can provide on-demand consulting services to help your business to design and deploy a cost-effective security/data backup system customized for your business needs.
- Split permission model for backup integrity
- Backing up key servers such as Active Directory
- Offsite backups including cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals files so they are unusable or are publicized. Ransomware often locks the target's computer. To avoid the damage, the victim is asked to pay a certain amount of money, typically via a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the ransom will restore the lost files or prevent its exposure to the public. Files can be altered or erased across a network depending on the target's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the compromised files. A common ransomware attack vector is tainted email, whereby the user is tricked into interacting with by means of a social engineering technique known as spear phishing. This makes the email to appear to come from a familiar sender. Another common attack vector is an improperly secured Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different versions of ransomware is estimated at billions of dollars per year, roughly doubling every other year. Notorious attacks are WannaCry, and NotPetya. Current high-profile variants like Ryuk, Maze and Cerber are more complex and have caused more damage than earlier strains. Even if your backup procedures permit you to restore your ransomed data, you can still be threatened by exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because additional versions of ransomware are launched every day, there is no certainty that conventional signature-based anti-virus filters will detect a new malware. If an attack does show up in an email, it is critical that your users have been taught to identify social engineering techniques. Your last line of protection is a sound scheme for scheduling and retaining offsite backups plus the deployment of reliable restoration tools.
Contact Progent About the ProSight Ransomware Readiness Evaluation in Allen
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Review can enhance your protection against crypto-ransomware in Allen, call Progent at 800-462-8800 or visit Contact Progent.