Ransomware has become the weapon of choice for cyber extortionists and rogue states, representing a possibly lethal threat to companies that are victimized. The latest versions of crypto-ransomware target all vulnerable resources, including backup, making even selective restoration a challenging and expensive exercise. New variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing Locky, TeslaCrypt, and Petya in prominence, elaborateness, and destructive impact.
Most ransomware penetrations are caused by innocuous-looking emails that include malicious hyperlinks or attachments, and many are so-called "zero-day" attacks that can escape detection by traditional signature-based antivirus tools. Although user education and up-front detection are critical to protect your network against ransomware attacks, leading practices dictate that you assume some malware will eventually succeed and that you implement a solid backup mechanism that enables you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around an online interview with a Progent security consultant skilled in ransomware defense and recovery. In the course of this interview Progent will cooperate directly with your Anaheim network managers to gather critical data concerning your cybersecurity profile and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Assessment documenting how to apply leading practices for configuring and administering your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital issues associated with crypto-ransomware prevention and restoration recovery. The report addresses:
- Correct use of administration accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure Remote Desktop Protocol configuration
- Guidance for AntiVirus tools identification and configuration
The remote interview process for the ProSight Ransomware Preparedness Report service takes about one hour for a typical small business network and longer for bigger or more complicated IT environments. The report document contains suggestions for improving your ability to ward off or clean up after a ransomware attack and Progent can provide on-demand expertise to help you and your IT staff to create a cost-effective cybersecurity/backup system customized for your specific needs.
- Split permission model for backup integrity
- Protecting required servers including Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or steals files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the carnage, the victim is asked to send a certain amount of money (the ransom), usually via a crypto currency such as Bitcoin, within a short time window. It is not guaranteed that delivering the extortion price will recover the lost files or avoid its publication. Files can be encrypted or deleted across a network based on the victim's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A common ransomware attack vector is tainted email, whereby the target is tricked into responding to by a social engineering exploit called spear phishing. This causes the email to look as though it came from a familiar source. Another popular vulnerability is a poorly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker ushered in the modern era of ransomware in 2013, and the monetary losses attributed to by different strains of ransomware is said to be billions of dollars per year, roughly doubling every two years. Famous attacks include Locky, and Petya. Current high-profile variants like Ryuk, DoppelPaymer and TeslaCrypt are more elaborate and have wreaked more damage than older strains. Even if your backup/recovery processes enable your business to restore your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because additional variants of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus tools will detect the latest malware. If threat does appear in an email, it is critical that your users have been taught to be aware of social engineering techniques. Your last line of protection is a solid process for scheduling and retaining remote backups plus the deployment of dependable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Review in Anaheim
For pricing information and to learn more about how Progent's ProSight Crypto-Ransomware Vulnerability Checkup can enhance your defense against ransomware in Anaheim, call Progent at 800-462-8800 or see Contact Progent.