Ransomware has become the weapon of choice for cyber extortionists and malicious states, posing a potentially lethal risk to businesses that are victimized. The latest strains of crypto-ransomware target everything, including backups, making even partial recovery a complex and costly exercise. Novel versions of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, LockBit and Egregor have emerged, displacing WannaCry, TeslaCrypt, and NotPetya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware breaches come from innocent-looking emails that have malicious links or file attachments, and a high percentage are so-called "zero-day" variants that elude detection by legacy signature-matching antivirus tools. While user training and up-front identification are critical to defend against ransomware attacks, best practices demand that you assume some malware will eventually succeed and that you put in place a solid backup solution that enables you to restore files and services quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Checkup is a low-cost service built around a remote interview with a Progent security expert experienced in ransomware defense and recovery. In the course of this interview Progent will work with your Allentown network managers to gather critical information about your security setup and backup processes. Progent will use this information to produce a Basic Security and Best Practices Assessment documenting how to apply leading practices for implementing and administering your cybersecurity and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key issues related to crypto-ransomware defense and recovery. The report covers:
- Correct allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB authorizations
- Proper firewall setup
- Secure Remote Desktop Protocol (RDP) configuration
- Guidance for AntiVirus (AV) filtering identification and configuration
- Split permission model for backup integrity
- Backing up key servers including Active Directory
- Offsite backups including cloud backup to Azure
The remote interview included with the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small company and longer for larger or more complicated IT environments. The report features recommendations for enhancing your ability to block or clean up after a ransomware incident, and Progent offers as-needed expertise to help your business create an efficient security and data backup system tailored to your specific requirements.
Ransomware is a form of malware that encrypts or deletes a victim's files so they are unusable, or threatens to publicize them. Ransomware often locks the victim's computer. To prevent the damage, the target is asked to pay a certain amount of money, usually in the form of a cryptocurrency such as Bitcoin, within a short period of time. There is no guarantee that paying the ransom will restore the damaged files or prevent their exposure to the public. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot reverse engineer the military-grade encryption technologies used on the hostage files. A typical ransomware delivery vehicle is tainted email, to which the target is lured into responding by means of a social engineering exploit called spear phishing, which makes the email message appear to come from a familiar source. Another commonly exploited weakness is a poorly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the new age of ransomware in 2013, and the damage attributed to the many versions of ransomware is said to be billions of dollars annually, more than doubling every other year. Famous attacks include Locky and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have caused more havoc than older versions. Even if your backup/recovery processes allow you to restore your ransomed files, you can still be hurt by so-called exfiltration, where ransomed documents are made public. Because additional versions of ransomware crop up daily, there is no guarantee that conventional signature-matching antivirus tools will detect the latest attack. If an attack does appear in an email, it is important that your end users have been taught to be aware of social engineering techniques. Your last line of defense is a solid scheme for performing and keeping remote backups plus the deployment of dependable recovery tools.
Ask Progent About the ProSight Crypto-Ransomware Vulnerability Audit in Allentown
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Evaluation can enhance your protection against crypto-ransomware in Allentown, call Progent at 800-462-8800 or visit Contact Progent.