Ransomware has been widely adopted by cybercriminals and malicious governments, representing a potentially lethal risk to companies that are successfully attacked. Modern strains of ransomware target all vulnerable resources, including online backup, making even partial recovery a complex and costly exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and NotPetya in prominence, elaborateness, and destructive impact.
Most ransomware breaches are caused by innocent-looking emails that have malicious hyperlinks or attachments, and many are "zero-day" strains that can escape the defenses of legacy signature-based antivirus (AV) tools. Although user education and up-front detection are critical to protect your network against ransomware, leading practices dictate that you assume some attacks will inevitably succeed and that you put in place a solid backup mechanism that permits you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote discussion with a Progent security consultant skilled in ransomware protection and repair. In the course of this interview Progent will collaborate with your Anchorage network managers to collect critical data about your cybersecurity profile and backup processes. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to adhere to leading practices for implementing and administering your cybersecurity and backup systems to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key issues associated with ransomware defense and restoration recovery. The review covers:
- Proper allocation and use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Secure Remote Desktop Protocol connections
- Guidance for AntiVirus tools identification and configuration
The online interview process for the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small business network and requires more time for larger or more complicated environments. The report document includes suggestions for improving your ability to block or clean up after a ransomware incident and Progent can provide on-demand expertise to assist you to design and deploy a cost-effective security/backup system tailored to your specific needs.
- Split permission architecture for backup protection
- Backing up critical servers such as Active Directory
- Geographically dispersed backups including cloud backup to Azure
Ransomware is a form of malicious software that encrypts or deletes files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the victim's computer. To prevent the carnage, the target is asked to pay a specified amount of money, typically in the form of a crypto currency like Bitcoin, within a brief time window. It is never certain that delivering the extortion price will restore the damaged data or prevent its publication. Files can be encrypted or erased across a network depending on the target's write permissions, and you cannot break the military-grade encryption algorithms used on the hostage files. A typical ransomware attack vector is booby-trapped email, whereby the target is lured into responding to by a social engineering exploit known as spear phishing. This causes the email to look as though it came from a familiar sender. Another popular vulnerability is an improperly secured Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Notorious examples are WannaCry, and Petya. Recent high-profile threats like Ryuk, Sodinokibi and CryptoWall are more elaborate and have wreaked more havoc than earlier versions. Even if your backup procedures permit you to restore your ransomed files, you can still be hurt by exfiltration, where ransomed documents are made public. Because additional versions of ransomware are launched every day, there is no certainty that conventional signature-matching anti-virus filters will detect a new attack. If threat does show up in an email, it is important that your end users have learned to identify phishing tricks. Your ultimate defense is a solid scheme for performing and retaining remote backups and the deployment of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Preparedness Consultation in Anchorage
For pricing details and to learn more about how Progent's ProSight Ransomware Readiness Evaluation can bolster your protection against crypto-ransomware in Anchorage, phone Progent at 800-462-8800 or visit Contact Progent.