Ransomware has become the weapon of choice for cybercriminals and bad-actor governments, posing a possibly lethal threat to companies that are victimized. Modern strains of ransomware go after everything, including online backup, making even partial restoration a complex and costly exercise. New variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have emerged, replacing WannaCry, Spora, and CryptoWall in prominence, sophistication, and destructiveness.
90% of ransomware penetrations are the result of innocent-looking emails with malicious hyperlinks or file attachments, and a high percentage are "zero-day" attacks that elude the defenses of legacy signature-based antivirus filters. While user training and frontline identification are important to protect against ransomware, best practices dictate that you expect that some attacks will inevitably succeed and that you deploy a solid backup solution that enables you to restore files and services rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around a remote interview with a Progent cybersecurity consultant experienced in ransomware protection and recovery. During this assessment Progent will work with your Allentown IT management staff to collect pertinent data about your security configuration and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Report documenting how to apply best practices for configuring and managing your security and backup solution to prevent or recover from a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on vital issues related to ransomware defense and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB permissions
- Optimal firewall setup
- Secure Remote Desktop Protocol configuration
- Recommend AntiVirus filtering selection and configuration
The online interview process included with the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business network and requires more time for bigger or more complicated environments. The report document contains suggestions for improving your ability to block or clean up after a ransomware incident and Progent offers on-demand consulting services to help you and your IT staff to design and deploy a cost-effective security/backup system tailored to your business needs.
- Split permission architecture for backup protection
- Protecting critical servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a variety of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the target's computer. To avoid the damage, the victim is asked to pay a specified ransom, typically via a crypto currency like Bitcoin, within a brief time window. It is never certain that paying the ransom will recover the damaged data or avoid its publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A typical ransomware delivery package is tainted email, in which the target is tricked into responding to by means of a social engineering technique known as spear phishing. This makes the email message to appear to come from a familiar source. Another common attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by the many strains of ransomware is estimated at billions of dollars per year, more than doubling every other year. Famous attacks are WannaCry, and Petya. Recent headline threats like Ryuk, Sodinokibi and TeslaCrypt are more sophisticated and have caused more damage than earlier versions. Even if your backup/recovery processes allow you to recover your ransomed files, you can still be threatened by so-called exfiltration, where ransomed data are made public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no guarantee that traditional signature-based anti-virus filters will detect a new attack. If an attack does appear in an email, it is critical that your users have been taught to be aware of social engineering tricks. Your ultimate protection is a solid scheme for scheduling and retaining offsite backups and the use of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Vulnerability Review in Allentown
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Consultation can bolster your defense against ransomware in Allentown, phone Progent at 800-462-8800 or visit Contact Progent.