Ransomware has been widely adopted by cyber extortionists and bad-actor governments, representing a potentially existential threat to companies that are breached. Current variations of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a challenging and costly process. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, LockBit and Nephilim have emerged, displacing Locky, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructiveness.
Most crypto-ransomware infections are the result of innocent-seeming emails with malicious links or attachments, and many are so-called "zero-day" variants that elude detection by legacy signature-based antivirus (AV) filters. While user education and frontline detection are critical to defend your network against ransomware, leading practices dictate that you take for granted some attacks will inevitably get through and that you prepare a strong backup mechanism that enables you to repair the damage quickly with little if any damage.
Progent's ProSight Ransomware Vulnerability Checkup is an ultra-affordable service built around a remote discussion with a Progent security consultant skilled in ransomware defense and repair. In the course of this assessment Progent will collaborate directly with your Anaheim IT managers to collect critical data concerning your cybersecurity posture and backup environment. Progent will use this information to produce a Basic Security and Best Practices Assessment documenting how to follow leading practices for configuring and managing your cybersecurity and backup systems to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key issues related to ransomware defense and restoration recovery. The review addresses:
- Effective allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall settings
- Safe Remote Desktop Protocol (RDP) access
- Advice about AntiVirus (AV) filtering identification and configuration
The remote interview for the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business and requires more time for bigger or more complex environments. The written report features suggestions for improving your ability to block or recover from a ransomware incident and Progent offers as-needed expertise to assist you and your IT staff to create a cost-effective cybersecurity/backup system customized for your business needs.
- Split permission model for backup protection
- Protecting critical servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the target's computer. To prevent the damage, the victim is asked to send a specified amount of money, usually via a crypto currency like Bitcoin, within a short time window. It is not guaranteed that paying the extortion price will recover the damaged files or prevent its exposure to the public. Files can be encrypted or erased across a network depending on the victim's write permissions, and you cannot solve the strong encryption technologies used on the compromised files. A common ransomware delivery package is spoofed email, in which the target is tricked into responding to by means of a social engineering exploit known as spear phishing. This causes the email to appear to come from a familiar source. Another popular vulnerability is a poorly protected RDP port.
CryptoLocker opened the new age of ransomware in 2013, and the monetary losses attributed to by the many versions of ransomware is said to be billions of dollars per year, roughly doubling every two years. Famous attacks include Locky, and NotPetya. Recent high-profile threats like Ryuk, Sodinokibi and CryptoWall are more sophisticated and have caused more damage than older versions. Even if your backup/recovery processes enable your business to restore your encrypted data, you can still be hurt by exfiltration, where stolen data are exposed to the public (known as "doxxing"). Because additional variants of ransomware crop up daily, there is no guarantee that traditional signature-based anti-virus filters will detect the latest attack. If an attack does appear in an email, it is critical that your end users have learned to identify social engineering techniques. Your ultimate protection is a sound process for performing and keeping remote backups plus the deployment of reliable recovery tools.
Contact Progent About the ProSight Ransomware Vulnerability Testing in Anaheim
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Consultation can bolster your protection against crypto-ransomware in Anaheim, phone Progent at 800-462-8800 or visit Contact Progent.