Ransomware has been weaponized by cyber extortionists and rogue states, posing a potentially lethal risk to companies that fall victim. The latest variations of crypto-ransomware go after all vulnerable resources, including online backup, making even partial restoration a complex and expensive exercise. Novel versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Lockbit and Egregor have emerged, replacing Locky, Cerber, and CryptoWall in prominence, sophistication, and destructiveness.
90% of ransomware infections are the result of innocent-looking emails that have dangerous hyperlinks or file attachments, and many are so-called "zero-day" variants that can escape the defenses of legacy signature-matching antivirus tools. Although user training and frontline detection are critical to defend your network against ransomware, best practices demand that you assume some attacks will inevitably succeed and that you put in place a solid backup solution that permits you to repair the damage rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service centered around an online interview with a Progent cybersecurity consultant skilled in ransomware protection and recovery. In the course of this assessment Progent will work directly with your Anchorage network managers to gather pertinent information about your cybersecurity profile and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and administering your cybersecurity and backup solution to block or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key issues associated with ransomware prevention and restoration recovery. The review covers:
- Proper allocation and use of administration accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol (RDP) configuration
- Recommend AntiVirus (AV) tools selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business and longer for bigger or more complicated IT environments. The written report features suggestions for enhancing your ability to ward off or clean up after a ransomware incident and Progent offers as-needed consulting services to help your business to create a cost-effective cybersecurity/backup solution tailored to your specific needs.
- Split permission architecture for backup integrity
- Protecting critical servers including AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals a victim's files so they are unusable or are made publicly available. Ransomware sometimes locks the target's computer. To avoid the damage, the victim is required to send a specified amount of money (the ransom), typically in the form of a crypto currency like Bitcoin, within a short time window. There is no guarantee that paying the extortion price will restore the damaged data or prevent its exposure to the public. Files can be encrypted or deleted throughout a network depending on the target's write permissions, and you cannot reverse engineer the strong encryption technologies used on the compromised files. A typical ransomware attack vector is booby-trapped email, whereby the user is tricked into interacting with by a social engineering technique called spear phishing. This makes the email message to appear to come from a familiar source. Another common vulnerability is an improperly secured RDP port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by the many versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Famous attacks include Locky, and Petya. Recent headline threats like Ryuk, Sodinokibi and Spora are more sophisticated and have caused more havoc than older versions. Even if your backup/recovery processes permit you to restore your ransomed files, you can still be threatened by so-called exfiltration, where stolen documents are exposed to the public. Because additional versions of ransomware are launched daily, there is no guarantee that traditional signature-matching anti-virus filters will detect a new malware. If threat does appear in an email, it is important that your end users have been taught to identify phishing techniques. Your ultimate protection is a sound process for performing and keeping remote backups and the use of reliable restoration platforms.
Contact Progent About the ProSight Crypto-Ransomware Susceptibility Report in Anchorage
For pricing details and to find out more about how Progent's ProSight Ransomware Preparedness Review can bolster your protection against ransomware in Anchorage, call Progent at 800-462-8800 or see Contact Progent.