Ransomware has been weaponized by cyber extortionists and rogue governments, representing a potentially existential risk to companies that are victimized. The latest versions of crypto-ransomware target everything, including online backup, making even selective restoration a long and expensive exercise. Novel strains of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have made the headlines, displacing Locky, Spora, and NotPetya in notoriety, elaborateness, and destructiveness.
Most ransomware infections are the result of innocuous-looking emails with dangerous hyperlinks or file attachments, and a high percentage are so-called "zero-day" attacks that elude the defenses of legacy signature-matching antivirus (AV) tools. Although user education and up-front identification are critical to protect your network against ransomware attacks, leading practices dictate that you assume some attacks will eventually succeed and that you implement a strong backup solution that enables you to restore files and services quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around a remote discussion with a Progent cybersecurity consultant skilled in ransomware protection and repair. In the course of this interview Progent will work with your Allentown network managers to collect critical data concerning your cybersecurity posture and backup processes. Progent will use this information to generate a Basic Security and Best Practices Report detailing how to follow leading practices for implementing and managing your security and backup solution to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with crypto-ransomware prevention and recovery. The review covers:
- Proper use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) permissions
- Optimal firewall settings
- Safe Remote Desktop Protocol connections
- Guidance for identifying and deploying antivirus (AV) tools
- Split permission architecture for backup integrity
- Backing up required servers such as Active Directory
- Offsite backups with cloud backup to Microsoft Azure

The online interview included with the ProSight Ransomware Vulnerability Checkup service lasts about one hour for the average small business and requires more time for bigger or more complex IT environments. The report document includes suggestions for enhancing your ability to ward off or recover from a ransomware incident, and Progent can provide as-needed consulting services to help you and your IT staff to design and deploy a cost-effective cybersecurity/backup solution tailored to your specific needs.
Ransomware is a variety of malware that encrypts or steals a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the damage, the target is asked to pay a certain amount of money (the ransom), usually in the form of a cryptocurrency like Bitcoin, within a short period of time. There is no guarantee that paying the ransom will recover the damaged files or prevent their publication. Files can be altered or deleted across a network based on the target's write permissions, and the military-grade encryption used on the hostage files cannot be reversed without the key. A common ransomware delivery vehicle is spoofed email, in which a social engineering technique known as spear phishing makes the message appear to come from a familiar source and tricks the victim into interacting with it. Another common entry point is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses attributed to the many strains of ransomware are estimated at billions of dollars per year, roughly doubling every other year. Notorious attacks include Locky and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and Spora are more elaborate and have caused more damage than earlier strains. Even if your backup/recovery processes allow you to recover your encrypted data, you can still be hurt by exfiltration, where ransomed documents are made public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no certainty that traditional signature-matching antivirus tools will detect a new strain. If an attack does arrive by email, it is important that your users have been taught to recognize social engineering tricks. Your last line of protection is a solid process for performing and retaining remote backups and the use of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Assessment in Allentown
For pricing details and to learn more about how Progent's ProSight Ransomware Vulnerability Checkup can bolster your protection against crypto-ransomware in Allentown, call Progent at 800-462-8800 or see Contact Progent.