Ransomware has become the weapon of choice for cybercriminals and rogue governments, representing a potentially existential threat to businesses that fall victim. Current versions of ransomware target everything, including backup, making even selective recovery a long and costly exercise. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Snatch and Egregor have made the headlines, replacing WannaCry, TeslaCrypt, and Petya in notoriety, elaborateness, and destructiveness.
Most ransomware breaches come from innocent-seeming emails with dangerous hyperlinks or attachments, and a high percentage are "zero-day" attacks that can escape the defenses of legacy signature-matching antivirus (AV) tools. While user training and frontline identification are important to protect against ransomware attacks, best practices dictate that you assume some attacks will eventually get through and that you deploy a strong backup solution that allows you to repair the damage quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around an online discussion with a Progent security expert skilled in ransomware defense and repair. During this interview Progent will work with your Arlington IT managers to gather pertinent data about your cybersecurity profile and backup environment. Progent will use this data to generate a Basic Security and Best Practices Report documenting how to apply best practices for configuring and managing your security and backup solution to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on key areas associated with crypto-ransomware prevention and restoration recovery. The report covers:
- Effective allocation and use of admin accounts
- Assigning NTFS and SMB authorizations
- Proper firewall configuration
- Safe RDP access
- Guidance for AntiVirus tools identification and configuration
The online interview for the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small business network and requires more time for bigger or more complicated IT environments. The written report features suggestions for enhancing your ability to ward off or recover from a ransomware attack and Progent offers as-needed expertise to help you to create an efficient security/data backup system tailored to your business needs.
- Split permission model for backup integrity
- Protecting critical servers including Active Directory
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or steals files so they are unusable or are made publicly available. Ransomware often locks the victim's computer. To avoid the damage, the target is required to send a certain amount of money (the ransom), usually in the form of a crypto currency such as Bitcoin, within a brief period of time. There is no guarantee that paying the ransom will recover the lost files or avoid its publication. Files can be encrypted or deleted across a network based on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A typical ransomware attack vector is booby-trapped email, in which the user is lured into interacting with by means of a social engineering exploit known as spear phishing. This makes the email message to look as though it came from a trusted source. Another common attack vector is an improperly secured Remote Desktop Protocol port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to by different versions of ransomware is said to be billions of dollars annually, more than doubling every two years. Notorious attacks are Locky, and NotPetya. Recent high-profile threats like Ryuk, Maze and Cerber are more sophisticated and have caused more havoc than older strains. Even if your backup processes allow you to recover your encrypted data, you can still be threatened by exfiltration, where ransomed data are exposed to the public. Because additional versions of ransomware crop up daily, there is no guarantee that traditional signature-based anti-virus tools will block a new malware. If threat does appear in an email, it is important that your users have been taught to identify social engineering tricks. Your last line of defense is a sound scheme for performing and keeping remote backups plus the use of dependable restoration tools.
Contact Progent About the ProSight Ransomware Preparedness Review in Arlington
For pricing details and to learn more about how Progent's ProSight Ransomware Preparedness Assessment can bolster your defense against crypto-ransomware in Arlington, call Progent at 800-462-8800 or see Contact Progent.