Ransomware has become the weapon of choice for cybercriminals and malicious governments, posing a possibly existential risk to businesses that are victimized. The latest versions of ransomware target everything, including online backup, making even selective restoration a challenging and costly process. New strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), Phobos, Conti and Egregor have emerged, displacing Locky, Cerber, and NotPetya in notoriety, elaborateness, and destructiveness.
90% of crypto-ransomware penetrations are the result of innocuous-looking emails with dangerous links or attachments, and many are so-called "zero-day" attacks that can escape the defenses of legacy signature-based antivirus (AV) tools. While user education and up-front detection are important to defend against ransomware attacks, leading practices demand that you take for granted some malware will inevitably succeed and that you deploy a solid backup mechanism that permits you to recover rapidly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around a remote discussion with a Progent cybersecurity expert skilled in ransomware defense and recovery. During this interview Progent will cooperate with your Arlington network managers to collect pertinent information about your cybersecurity posture and backup environment. Progent will use this information to create a Basic Security and Best Practices Assessment detailing how to apply best practices for implementing and managing your cybersecurity and backup solution to block or clean up after a ransomware attack.
Progent's Basic Security and Best Practices Report highlights vital areas related to ransomware prevention and restoration recovery. The report covers:
- Proper allocation and use of administration accounts
- Correct NTFS and SMB authorizations
- Proper firewall configuration
- Secure Remote Desktop Protocol connections
- Guidance for AntiVirus tools selection and deployment
The remote interview process included with the ProSight Ransomware Vulnerability Checkup service lasts about an hour for the average small business network and longer for bigger or more complex IT environments. The written report contains recommendations for improving your ability to block or recover from a ransomware assault and Progent can provide as-needed consulting services to assist your business to create a cost-effective cybersecurity/data backup solution tailored to your business requirements.
- Split permission model for backup integrity
- Backing up key servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a form of malicious software that encrypts or steals a victim's files so they cannot be used or are publicized. Ransomware often locks the victim's computer. To avoid the damage, the victim is required to send a certain amount of money, usually via a crypto currency like Bitcoin, within a brief time window. It is never certain that delivering the ransom will recover the damaged data or avoid its exposure to the public. Files can be altered or erased across a network based on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A typical ransomware delivery package is booby-trapped email, whereby the target is tricked into responding to by a social engineering exploit known as spear phishing. This causes the email message to appear to come from a familiar source. Another popular attack vector is a poorly secured RDP port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the damage caused by different strains of ransomware is estimated at billions of dollars per year, roughly doubling every two years. Notorious attacks are WannaCry, and Petya. Recent headline threats like Ryuk, DoppelPaymer and Spora are more complex and have caused more damage than older versions. Even if your backup/recovery procedures allow you to restore your encrypted data, you can still be hurt by exfiltration, where stolen documents are made public. Because new versions of ransomware are launched every day, there is no guarantee that traditional signature-based anti-virus tools will detect the latest attack. If threat does appear in an email, it is important that your end users have been taught to identify phishing tricks. Your ultimate defense is a solid scheme for performing and retaining remote backups plus the deployment of dependable recovery tools.
Ask Progent About the ProSight Ransomware Preparedness Audit in Arlington
For pricing details and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Audit can bolster your defense against crypto-ransomware in Arlington, phone Progent at 800-462-8800 or visit Contact Progent.