Ransomware has been widely adopted by cyber extortionists and rogue states, posing a potentially existential risk to businesses that are breached. Current strains of crypto-ransomware target all vulnerable resources, including backup, making even selective recovery a complex and costly process. New strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, Snatch and Egregor have emerged, replacing WannaCry, Cerber, and NotPetya in prominence, sophistication, and destructiveness.
90% of ransomware breaches are the result of innocuous-looking emails with dangerous hyperlinks or file attachments, and many are "zero-day" strains that elude detection by traditional signature-based antivirus filters. While user education and up-front identification are important to defend your network against ransomware attacks, leading practices dictate that you assume some malware will eventually get through and that you prepare a solid backup mechanism that permits you to restore files and services rapidly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around an online interview with a Progent security consultant experienced in ransomware protection and repair. During this interview Progent will work directly with your Anchorage IT managers to gather critical information concerning your security posture and backup processes. Progent will use this data to create a Basic Security and Best Practices Report documenting how to follow leading practices for implementing and managing your security and backup solution to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights vital issues related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Proper use of administration accounts
- Appropriate NTFS and SMB permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus (AV) filtering identification and deployment
The online interview included with the ProSight Ransomware Preparedness Assessment service takes about one hour for the average small company and requires more time for larger or more complicated environments. The written report contains recommendations for enhancing your ability to ward off or clean up after a ransomware attack and Progent offers as-needed consulting services to help you and your IT staff to design and deploy an efficient security/data backup system customized for your business requirements.
- Split permission architecture for backup protection
- Protecting critical servers such as AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a variety of malware that encrypts or steals a victim's files so they are unusable or are publicized. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the victim is asked to send a specified ransom, usually via a crypto currency like Bitcoin, within a short time window. It is never certain that paying the ransom will recover the lost files or avoid its exposure to the public. Files can be altered or deleted throughout a network depending on the target's write permissions, and you cannot solve the strong encryption algorithms used on the hostage files. A common ransomware delivery package is booby-trapped email, in which the user is tricked into interacting with by a social engineering exploit known as spear phishing. This causes the email message to look as though it came from a trusted source. Another common attack vector is an improperly protected RDP port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses attributed to by different versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Notorious attacks include Locky, and Petya. Current high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have wreaked more damage than older strains. Even if your backup/recovery procedures permit you to recover your encrypted data, you can still be hurt by exfiltration, where ransomed data are made public. Because new versions of ransomware are launched daily, there is no guarantee that conventional signature-matching anti-virus filters will block a new malware. If threat does appear in an email, it is critical that your users have learned to identify social engineering tricks. Your last line of defense is a solid process for scheduling and retaining offsite backups and the use of dependable restoration platforms.
Ask Progent About the ProSight Ransomware Preparedness Consultation in Anchorage
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Consultation can bolster your defense against crypto-ransomware in Anchorage, call Progent at 800-462-8800 or visit Contact Progent.