Ransomware has become the weapon of choice for cyber extortionists and bad-actor states, posing a potentially lethal threat to companies that are successfully attacked. Current strains of crypto-ransomware go after all vulnerable resources, including online backup, making even partial recovery a long and expensive exercise. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Nephilim have made the headlines, replacing Locky, TeslaCrypt, and CryptoWall in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware breaches are the result of innocuous-looking emails that have dangerous hyperlinks or attachments, and a high percentage are "zero-day" strains that elude detection by traditional signature-matching antivirus (AV) filters. Although user education and up-front detection are critical to defend against ransomware attacks, leading practices dictate that you expect that some attacks will inevitably succeed and that you implement a strong backup mechanism that permits you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around an online discussion with a Progent cybersecurity expert skilled in ransomware defense and repair. In the course of this interview Progent will collaborate with your Anaheim IT managers to collect pertinent data about your security profile and backup environment. Progent will utilize this data to produce a Basic Security and Best Practices Report documenting how to adhere to best practices for configuring and administering your cybersecurity and backup solution to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key areas related to crypto-ransomware defense and restoration recovery. The review addresses:
- Proper use of admin accounts
- Correct NTFS and SMB (Server Message Block) permissions
- Proper firewall setup
- Safe Remote Desktop Protocol connections
- Recommend AntiVirus (AV) filtering identification and deployment
The remote interview process included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small business and requires more time for bigger or more complex IT environments. The report document features suggestions for enhancing your ability to ward off or recover from a ransomware incident and Progent offers on-demand consulting services to assist you and your IT staff to create a cost-effective security/backup system tailored to your business requirements.
- Split permission model for backup integrity
- Backing up key servers such as Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes files so they cannot be used or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the carnage, the target is required to send a certain ransom, typically in the form of a crypto currency like Bitcoin, within a brief time window. It is not guaranteed that delivering the extortion price will recover the lost files or avoid its exposure to the public. Files can be altered or erased across a network depending on the target's write permissions, and you cannot break the strong encryption technologies used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the user is tricked into responding to by a social engineering technique called spear phishing. This makes the email to look as though it came from a familiar sender. Another popular vulnerability is a poorly protected RDP port.
The ransomware variant CryptoLocker ushered in the modern era of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious examples are Locky, and NotPetya. Recent high-profile threats like Ryuk, DoppelPaymer and Cerber are more complex and have caused more damage than earlier strains. Even if your backup procedures enable your business to recover your encrypted data, you can still be threatened by exfiltration, where stolen documents are exposed to the public. Because new variants of ransomware crop up every day, there is no guarantee that conventional signature-based anti-virus tools will detect a new attack. If threat does appear in an email, it is important that your users have been taught to identify phishing tricks. Your ultimate defense is a solid process for scheduling and retaining remote backups plus the deployment of reliable recovery platforms.
Contact Progent About the ProSight Ransomware Susceptibility Evaluation in Anaheim
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Consultation can bolster your protection against crypto-ransomware in Anaheim, call Progent at 800-462-8800 or visit Contact Progent.