Ransomware has been widely adopted by cybercriminals and bad-actor governments, representing a potentially existential threat to businesses that are breached. The latest variations of ransomware go after everything, including backups, making even partial restoration a challenging and costly process. Novel variations of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Snatch and Egregor have made the headlines, replacing Locky, Spora, and NotPetya in notoriety, elaborateness, and destructiveness.
Most crypto-ransomware penetrations come from innocuous-seeming emails with malicious hyperlinks or file attachments, and many are so-called "zero-day" variants that can escape the defenses of traditional signature-based antivirus (AV) tools. Although user education and up-front detection are critical to defend against ransomware, leading practices dictate that you assume some attacks will eventually get through and put in place a solid backup solution that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service built around an online discussion with a Progent cybersecurity consultant experienced in ransomware protection and recovery. During this assessment Progent will work directly with your Anaheim IT managers to gather pertinent information concerning your security setup and backup environment. Progent will use this information to generate a Basic Security and Best Practices Report detailing how to adhere to best practices for configuring and managing your cybersecurity and backup systems to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital areas associated with crypto-ransomware defense and recovery. The report covers:
- Proper use of admin accounts
- Correct NTFS and SMB authorizations
- Optimal firewall configuration
- Safe RDP connections
- Recommended antivirus filtering selection and deployment
- Split permission model for backup protection
- Backing up critical servers such as Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure

The remote interview process included with the ProSight Ransomware Preparedness Checkup service lasts about one hour for the average small business and longer for bigger or more complex IT environments. The written report contains suggestions for improving your ability to ward off or recover from a ransomware assault, and Progent offers as-needed expertise to help your business create a cost-effective security/data backup solution customized for your specific needs.
Ransomware is a variety of malware that encrypts or deletes a victim's files so they cannot be used, or makes them publicly available. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the target is asked to pay a certain amount of money (the ransom), typically via a cryptocurrency like Bitcoin, within a short time window. It is not guaranteed that paying the ransom will recover the lost data or avoid its publication. Files can be altered or deleted throughout a network based on the victim's write permissions, and you cannot break the strong encryption algorithms used on the compromised files. A common ransomware delivery vehicle is a booby-trapped email, which the victim is lured into interacting with by a social engineering technique called spear phishing. This makes the email message appear to come from a familiar sender. Another common attack vector is an improperly secured RDP port.
CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by the many versions of ransomware are estimated at billions of dollars per year, roughly doubling every other year. Famous attacks include WannaCry and NotPetya. Recent high-profile threats like Ryuk, Maze and CryptoWall are more elaborate and have caused more damage than earlier versions. Even if your backup processes enable your business to recover your encrypted data, you can still be threatened by exfiltration, where stolen documents are made public. Because new variants of ransomware are launched every day, there is no guarantee that conventional signature-based antivirus tools will detect the latest malware. If a threat does show up in an email, it is critical that your end users have learned to be aware of phishing techniques. Your ultimate protection is a sound scheme for scheduling and keeping offsite backups and the deployment of reliable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Readiness Consultation in Anaheim
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Testing can enhance your defense against crypto-ransomware in Anaheim, call Progent at 800-462-8800 or visit Contact Progent.