Ransomware has been weaponized by cyber extortionists and bad-actor states, representing a possibly lethal threat to companies that fall victim. Modern variations of ransomware target all vulnerable resources, including online backup, making even selective restoration a long and expensive exercise. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Snatch and Nephilim have made the headlines, displacing WannaCry, Cerber, and Petya in notoriety, elaborateness, and destructiveness.
Most ransomware breaches are the result of innocuous-seeming emails with malicious links or file attachments, and a high percentage are so-called "zero-day" attacks that elude detection by legacy signature-matching antivirus filters. Although user training and up-front detection are critical to defend against ransomware, best practices dictate that you expect that some malware will eventually get through and that you prepare a solid backup solution that permits you to restore files and services rapidly with minimal losses.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service centered around a remote discussion with a Progent cybersecurity expert experienced in ransomware protection and repair. In the course of this assessment Progent will cooperate with your Arlington network management staff to collect pertinent information concerning your cybersecurity configuration and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment documenting how to apply leading practices for configuring and administering your cybersecurity and backup solution to prevent or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report focuses on vital areas related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Proper allocation and use of admin accounts
- Assigning NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall settings
- Secure Remote Desktop Protocol (RDP) connections
- Guidance for AntiVirus filtering selection and configuration
The remote interview process for the ProSight Ransomware Vulnerability Checkup service lasts about one hour for the average small business network and requires more time for larger or more complex IT environments. The report document includes suggestions for improving your ability to ward off or clean up after a ransomware incident and Progent offers on-demand consulting services to help your business to create an efficient cybersecurity/backup solution customized for your specific requirements.
- Split permission model for backup protection
- Protecting required servers including Active Directory
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a form of malicious software that encrypts or deletes a victim's files so they are unusable or are publicized. Ransomware often locks the victim's computer. To avoid the carnage, the victim is required to send a certain ransom, typically in the form of a crypto currency like Bitcoin, within a brief time window. It is never certain that delivering the extortion price will restore the lost files or prevent its publication. Files can be encrypted or erased across a network depending on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A typical ransomware attack vector is spoofed email, in which the user is lured into interacting with by a social engineering exploit called spear phishing. This causes the email message to appear to come from a familiar source. Another common attack vector is a poorly protected Remote Desktop Protocol port.
The ransomware variant CryptoLocker opened the new age of ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous attacks include WannaCry, and NotPetya. Current high-profile threats like Ryuk, Sodinokibi and Cerber are more complex and have caused more havoc than older strains. Even if your backup procedures allow your business to recover your ransomed data, you can still be hurt by so-called exfiltration, where stolen documents are made public (known as "doxxing"). Because new variants of ransomware crop up daily, there is no certainty that conventional signature-matching anti-virus filters will detect a new malware. If an attack does show up in an email, it is important that your users have been taught to be aware of phishing techniques. Your last line of defense is a solid scheme for performing and retaining remote backups and the deployment of dependable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Report in Arlington
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Readiness Assessment can bolster your protection against crypto-ransomware in Arlington, call Progent at 800-462-8800 or see Contact Progent.