Ransomware has been widely adopted by cybercriminals and malicious states, representing a possibly lethal threat to companies that are victimized. Current strains of crypto-ransomware go after all vulnerable resources, including online backup, making even selective restoration a long and costly exercise. Novel variations of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Nephilim have made the headlines, displacing WannaCry, Spora, and NotPetya in notoriety, elaborateness, and destructive impact.
90% of ransomware infections are caused by innocent-seeming emails that include dangerous hyperlinks or attachments, and many are "zero-day" variants that can escape the defenses of traditional signature-based antivirus filters. While user education and frontline identification are critical to defend against ransomware, leading practices demand that you take for granted some attacks will inevitably succeed and that you implement a strong backup mechanism that permits you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Checkup is a low-cost service centered around an online interview with a Progent cybersecurity expert experienced in ransomware defense and recovery. During this interview Progent will collaborate directly with your Alpharetta IT management staff to collect critical data about your security profile and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Report detailing how to apply leading practices for configuring and administering your security and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital issues associated with ransomware prevention and restoration recovery. The report addresses:
- Proper allocation and use of administration accounts
- Correct NTFS and SMB authorizations
- Optimal firewall setup
- Secure Remote Desktop Protocol access
- Guidance for AntiVirus filtering identification and configuration
The online interview process included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small business and longer for larger or more complicated IT environments. The report document contains suggestions for improving your ability to block or recover from a ransomware attack and Progent offers as-needed expertise to help you and your IT staff to design and deploy a cost-effective cybersecurity/backup system tailored to your specific requirements.
- Split permission architecture for backup protection
- Protecting critical servers including AD
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the carnage, the target is asked to send a specified ransom, typically in the form of a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will restore the lost data or prevent its publication. Files can be encrypted or deleted across a network depending on the victim's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A common ransomware attack vector is booby-trapped email, in which the target is lured into interacting with by means of a social engineering technique known as spear phishing. This causes the email to look as though it came from a trusted sender. Another popular vulnerability is a poorly secured Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses caused by the many strains of ransomware is said to be billions of dollars per year, more than doubling every other year. Famous examples include WannaCry, and Petya. Current high-profile threats like Ryuk, Maze and Spora are more elaborate and have caused more damage than earlier versions. Even if your backup/recovery processes permit your business to recover your ransomed data, you can still be hurt by so-called exfiltration, where stolen documents are exposed to the public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that traditional signature-matching anti-virus tools will detect a new attack. If an attack does show up in an email, it is important that your end users have learned to be aware of social engineering tricks. Your last line of protection is a sound process for scheduling and keeping remote backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Readiness Review in Alpharetta
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Readiness Audit can enhance your defense against ransomware in Alpharetta, call Progent at 800-993-9400 or see Contact Progent.