Ransomware has been widely adopted by the major cyber-crime organizations and bad-actor governments, posing a possibly existential risk to companies that are successfully attacked. Modern variations of crypto-ransomware target everything, including online backup, making even selective restoration a long and costly process. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have emerged, displacing Locky, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructive impact.
90% of ransomware penetrations are the result of innocent-seeming emails with malicious links or file attachments, and a high percentage are "zero-day" strains that can escape detection by legacy signature-matching antivirus (AV) tools. While user education and up-front detection are critical to protect against ransomware, leading practices dictate that you assume some malware will eventually succeed and that you prepare a strong backup mechanism that permits you to recover quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service centered around an online interview with a Progent cybersecurity expert skilled in ransomware defense and recovery. In the course of this assessment Progent will work directly with your Allentown IT management staff to gather critical data about your security profile and backup environment. Progent will use this information to create a Basic Security and Best Practices Report detailing how to follow leading practices for implementing and administering your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas associated with ransomware defense and restoration recovery. The review covers:
- Correct use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall setup
- Secure RDP configuration
- Advice about AntiVirus (AV) tools identification and configuration
The remote interview included with the ProSight Ransomware Vulnerability Report service takes about one hour for a typical small business and longer for larger or more complicated IT environments. The written report contains suggestions for improving your ability to block or clean up after a ransomware incident and Progent can provide on-demand consulting services to help you to create a cost-effective cybersecurity/backup solution tailored to your specific requirements.
- Split permission model for backup protection
- Protecting required servers such as Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals files so they are unusable or are made publicly available. Ransomware often locks the target's computer. To avoid the damage, the target is asked to send a certain amount of money, usually in the form of a crypto currency such as Bitcoin, within a brief period of time. It is not guaranteed that paying the ransom will recover the lost files or avoid its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A common ransomware delivery package is booby-trapped email, whereby the target is tricked into responding to by a social engineering exploit called spear phishing. This causes the email message to look as though it came from a familiar source. Another common vulnerability is an improperly secured Remote Desktop Protocol port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars per year, more than doubling every other year. Famous examples include WannaCry, and Petya. Current headline threats like Ryuk, Sodinokibi and Cerber are more complex and have caused more havoc than older versions. Even if your backup processes permit you to restore your ransomed data, you can still be hurt by exfiltration, where ransomed documents are exposed to the public. Because new versions of ransomware are launched daily, there is no certainty that traditional signature-matching anti-virus tools will block a new attack. If threat does appear in an email, it is important that your users have learned to be aware of social engineering techniques. Your ultimate protection is a sound process for performing and keeping remote backups and the deployment of dependable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Testing in Allentown
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Evaluation can bolster your defense against ransomware in Allentown, phone Progent at 800-993-9400 or see Contact Progent.