Ransomware has been widely adopted by cyber extortionists and rogue governments, representing a potentially existential risk to businesses that fall victim. The latest variations of ransomware target all vulnerable resources, including backup, making even partial restoration a challenging and costly exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, replacing Locky, TeslaCrypt, and CryptoWall in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware infections are the result of innocent-seeming emails that have dangerous hyperlinks or file attachments, and a high percentage are "zero-day" attacks that can escape the defenses of traditional signature-based antivirus (AV) tools. Although user education and up-front identification are important to defend against ransomware, best practices dictate that you assume some attacks will inevitably get through and that you prepare a solid backup mechanism that permits you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service centered around a remote interview with a Progent security expert experienced in ransomware protection and repair. In the course of this assessment Progent will work directly with your Alpharetta IT managers to collect pertinent information concerning your cybersecurity setup and backup processes. Progent will utilize this information to generate a Basic Security and Best Practices Assessment documenting how to follow best practices for implementing and administering your security and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key areas related to ransomware defense and restoration recovery. The review addresses:
- Effective allocation and use of admin accounts
- Correct NTFS and SMB (Server Message Block) authorizations
- Optimal firewall settings
- Safe RDP configuration
- Advice about AntiVirus filtering selection and configuration
The online interview process for the ProSight Ransomware Vulnerability Checkup service takes about one hour for the average small company and longer for bigger or more complicated IT environments. The written report contains recommendations for enhancing your ability to block or recover from a ransomware assault and Progent can provide on-demand consulting services to help you and your IT staff to create an efficient security/data backup system customized for your business needs.
- Split permission architecture for backup protection
- Protecting required servers including Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or steals files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the target is required to pay a certain amount of money, typically in the form of a crypto currency like Bitcoin, within a brief period of time. There is no guarantee that delivering the extortion price will restore the damaged data or prevent its publication. Files can be encrypted or erased throughout a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery package is booby-trapped email, in which the victim is lured into interacting with by means of a social engineering technique called spear phishing. This makes the email to appear to come from a familiar sender. Another popular vulnerability is a poorly protected RDP port.
CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses attributed to by the many strains of ransomware is said to be billions of dollars per year, more than doubling every other year. Notorious examples include Locky, and NotPetya. Recent headline variants like Ryuk, DoppelPaymer and CryptoWall are more complex and have wreaked more havoc than older versions. Even if your backup/recovery procedures permit you to restore your ransomed data, you can still be hurt by exfiltration, where ransomed data are exposed to the public (known as "doxxing"). Because new variants of ransomware are launched daily, there is no certainty that conventional signature-based anti-virus filters will detect a new attack. If threat does show up in an email, it is critical that your users have been taught to identify social engineering tricks. Your last line of defense is a solid scheme for performing and keeping remote backups plus the use of reliable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Review in Alpharetta
For pricing information and to learn more about how Progent's ProSight Ransomware Preparedness Testing can bolster your defense against ransomware in Alpharetta, call Progent at 800-462-8800 or see Contact Progent.