Ransomware has been weaponized by the major cyber-crime organizations and rogue governments, representing a potentially lethal risk to businesses that are successfully attacked. The latest variations of crypto-ransomware go after all vulnerable resources, including backup, making even partial recovery a challenging and costly exercise. Novel variations of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have emerged, replacing WannaCry, Cerber, and NotPetya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware penetrations come from innocuous-looking emails that have dangerous hyperlinks or attachments, and a high percentage are "zero-day" variants that can escape the defenses of legacy signature-based antivirus (AV) filters. While user training and up-front detection are important to defend against ransomware attacks, best practices demand that you assume some malware will eventually succeed and that you implement a strong backup mechanism that permits you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service built around a remote interview with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this assessment Progent will work with your Anchorage IT managers to collect pertinent information concerning your security profile and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to apply best practices for configuring and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware assault.
Progent's Basic Security and Best Practices Assessment highlights key areas associated with ransomware prevention and restoration recovery. The report covers:
- Proper use of administration accounts
- Assigning NTFS and SMB permissions
- Optimal firewall configuration
- Safe Remote Desktop Protocol (RDP) access
- Guidance for AntiVirus (AV) tools identification and deployment
The online interview included with the ProSight Ransomware Preparedness Report service takes about one hour for the average small company and longer for bigger or more complex IT environments. The report document features suggestions for improving your ability to ward off or recover from a ransomware attack and Progent can provide on-demand expertise to assist you and your IT staff to design and deploy a cost-effective security/backup system tailored to your business needs.
- Split permission architecture for backup protection
- Protecting critical servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a type of malicious software that encrypts or deletes a victim's files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To avoid the damage, the target is asked to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the extortion price will restore the damaged files or avoid its publication. Files can be encrypted or deleted throughout a network based on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is booby-trapped email, whereby the victim is lured into responding to by means of a social engineering technique called spear phishing. This makes the email to look as though it came from a trusted sender. Another common vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of ransomware in 2013, and the damage caused by the many strains of ransomware is said to be billions of dollars annually, roughly doubling every two years. Notorious attacks include WannaCry, and Petya. Recent high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have caused more damage than older strains. Even if your backup/recovery procedures enable you to recover your encrypted data, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public. Because additional variants of ransomware are launched daily, there is no guarantee that traditional signature-based anti-virus tools will block a new attack. If an attack does appear in an email, it is critical that your users have been taught to identify phishing techniques. Your last line of defense is a sound process for performing and keeping offsite backups and the use of reliable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Report in Anchorage
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Susceptibility Checkup can bolster your defense against ransomware in Anchorage, call Progent at 800-462-8800 or see Contact Progent.