Ransomware has been widely adopted by the major cyber-crime organizations and rogue governments, posing a possibly existential risk to companies that fall victim. The latest versions of crypto-ransomware target all vulnerable resources, including online backup, making even selective restoration a complex and expensive process. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, LockBit and Egregor have made the headlines, displacing Locky, Spora, and CryptoWall in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware infections are caused by innocuous-seeming emails that have dangerous links or file attachments, and a high percentage are "zero-day" variants that elude detection by legacy signature-based antivirus tools. While user training and up-front detection are important to defend against ransomware attacks, leading practices dictate that you expect that some attacks will eventually succeed and that you put in place a strong backup solution that permits you to recover quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around a remote interview with a Progent cybersecurity expert skilled in ransomware protection and recovery. In the course of this interview Progent will cooperate directly with your Allentown IT managers to collect pertinent data about your cybersecurity configuration and backup environment. Progent will use this information to create a Basic Security and Best Practices Report documenting how to adhere to best practices for configuring and administering your security and backup systems to block or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital issues associated with crypto-ransomware defense and restoration recovery. The report covers:
- Proper use of administration accounts
- Appropriate NTFS and SMB permissions
- Proper firewall settings
- Safe Remote Desktop Protocol configuration
- Guidance for AntiVirus (AV) tools selection and configuration
The online interview process included with the ProSight Ransomware Preparedness Report service lasts about an hour for a typical small business network and longer for larger or more complex IT environments. The report document features suggestions for improving your ability to block or recover from a ransomware incident and Progent can provide as-needed consulting services to assist you and your IT staff to design and deploy an efficient cybersecurity/data backup solution tailored to your business requirements.
- Split permission architecture for backup integrity
- Protecting required servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes files so they are unusable or are publicized. Ransomware sometimes locks the target's computer. To prevent the carnage, the victim is required to pay a certain amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short time window. It is not guaranteed that paying the ransom will restore the lost data or avoid its exposure to the public. Files can be altered or erased across a network based on the victim's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the compromised files. A typical ransomware delivery package is tainted email, whereby the victim is lured into interacting with by means of a social engineering exploit known as spear phishing. This makes the email to appear to come from a trusted source. Another popular attack vector is a poorly secured RDP port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks are WannaCry, and NotPetya. Recent high-profile threats like Ryuk, DoppelPaymer and Spora are more sophisticated and have wreaked more damage than older versions. Even if your backup procedures permit your business to recover your encrypted files, you can still be threatened by exfiltration, where ransomed documents are exposed to the public. Because additional versions of ransomware are launched every day, there is no certainty that traditional signature-based anti-virus filters will block a new malware. If threat does show up in an email, it is important that your users have learned to be aware of social engineering tricks. Your ultimate protection is a sound scheme for scheduling and keeping remote backups and the deployment of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Evaluation in Allentown
For pricing details and to learn more about how Progent's ProSight Ransomware Preparedness Consultation can enhance your protection against crypto-ransomware in Allentown, phone Progent at 800-462-8800 or visit Contact Progent.