Ransomware has been weaponized by cybercriminals and malicious governments, representing a possibly existential threat to businesses that are breached. Modern variations of crypto-ransomware go after all vulnerable resources, including backups, making even selective recovery a long and expensive exercise. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Lockbit and Nephilim have made the headlines, replacing WannaCry, Cerber, and Petya in prominence, sophistication, and destructiveness.
90% of ransomware infections are caused by innocent-seeming emails that have dangerous links or file attachments, and a high percentage are so-called "zero-day" strains that elude detection by legacy signature-based antivirus (AV) tools. Although user education and up-front detection are important to protect against ransomware, best practices demand that you assume some malware will eventually succeed and that you implement a strong backup solution that allows you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service built around an online interview with a Progent cybersecurity expert skilled in ransomware protection and repair. During this assessment Progent will collaborate directly with your Arlington network management staff to gather critical data concerning your security configuration and backup processes. Progent will utilize this data to generate a Basic Security and Best Practices Report detailing how to follow leading practices for implementing and managing your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on key issues associated with crypto-ransomware prevention and recovery. The report covers:
- Effective allocation and use of administration accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall settings
- Secure Remote Desktop Protocol connections
- Advice about antivirus tool selection and configuration
- Split permission model for backup integrity
- Protecting essential servers such as Active Directory (AD)
- Geographically dispersed backups with cloud backup to Microsoft Azure
The online interview included with the ProSight Ransomware Vulnerability Assessment service takes about one hour for a typical small company and requires more time for larger or more complicated environments. The report document includes suggestions for enhancing your ability to ward off or clean up after a ransomware incident, and Progent offers as-needed consulting services to assist you and your IT staff to design and deploy a cost-effective security/data backup system customized for your specific requirements.
Ransomware is a form of malware that encrypts or steals a victim's files so they are unusable or are made publicly available. Crypto-ransomware sometimes locks the target's computer. To avoid the carnage, the victim is asked to pay a certain amount of money, typically via a cryptocurrency like Bitcoin, within a short period of time. There is no guarantee that paying the ransom will recover the lost data or avoid its publication. Files can be altered or deleted throughout a network depending on the target's write permissions, and you cannot break the strong encryption algorithms used on the hostage files. A typical ransomware delivery vehicle is a spoofed email, which the victim is tricked into interacting with through a social engineering technique called spear phishing, in which the email appears to come from a familiar source. Another common attack vector is an improperly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the damage caused by different versions of ransomware is said to be billions of dollars annually, roughly doubling every two years. Notorious attacks include Locky and Petya. Recent headline threats like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have wreaked more damage than earlier strains. Even if your backup procedures allow you to restore your encrypted data, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because new variants of ransomware crop up every day, there is no guarantee that conventional signature-based antivirus tools will block the latest attack. If an attack does arrive in an email, it is important that your end users have learned to recognize social engineering techniques. Your last line of protection is a sound process for performing and retaining remote backups plus the deployment of reliable restoration platforms.
Contact Progent About the ProSight Ransomware Vulnerability Audit in Arlington
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Vulnerability Evaluation can bolster your defense against crypto-ransomware in Arlington, phone Progent at 800-993-9400 or see Contact Progent.