Ransomware has been weaponized by cybercriminals and bad-actor governments, posing a possibly lethal threat to companies that are breached. Modern variations of crypto-ransomware go after all vulnerable resources, including online backup, making even partial restoration a long and costly exercise. Novel strains of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Conti and Egregor have made the headlines, replacing WannaCry, Cerber, and Petya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware penetrations come from innocent-looking emails with dangerous links or attachments, and many are "zero-day" strains that can escape detection by traditional signature-matching antivirus tools. Although user training and frontline detection are important to defend against ransomware, best practices demand that you expect that some attacks will inevitably succeed and that you prepare a strong backup mechanism that allows you to recover rapidly with little if any losses.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service built around an online interview with a Progent security consultant experienced in ransomware protection and recovery. During this interview Progent will cooperate with your Atlanta IT managers to collect pertinent information concerning your security configuration and backup environment. Progent will use this information to produce a Basic Security and Best Practices Assessment detailing how to follow best practices for configuring and administering your security and backup systems to block or recover from a crypto-ransomware attack.
Progent's Basic Security and Best Practices Report highlights key areas related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Effective allocation and use of admin accounts
- Assigning NTFS and SMB authorizations
- Optimal firewall configuration
- Secure Remote Desktop Protocol (RDP) connections
- Advice about AntiVirus tools selection and configuration
The remote interview process for the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business network and longer for larger or more complicated environments. The report document includes suggestions for improving your ability to block or clean up after a ransomware assault and Progent can provide as-needed expertise to help your business to design and deploy a cost-effective cybersecurity/data backup solution customized for your business needs.
- Split permission architecture for backup integrity
- Backing up key servers such as AD
- Offsite backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are made publicly available. Crypto-ransomware often locks the victim's computer. To avoid the carnage, the victim is required to pay a certain amount of money, usually in the form of a crypto currency like Bitcoin, within a short time window. It is never certain that delivering the extortion price will restore the damaged data or avoid its exposure to the public. Files can be encrypted or deleted across a network based on the target's write permissions, and you cannot break the strong encryption technologies used on the hostage files. A typical ransomware attack vector is tainted email, whereby the victim is tricked into responding to by a social engineering exploit called spear phishing. This makes the email message to appear to come from a trusted sender. Another popular vulnerability is an improperly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the monetary losses caused by different strains of ransomware is estimated at billions of dollars annually, roughly doubling every other year. Notorious attacks are Locky, and NotPetya. Recent high-profile variants like Ryuk, DoppelPaymer and CryptoWall are more sophisticated and have caused more havoc than older versions. Even if your backup processes allow you to recover your encrypted files, you can still be hurt by exfiltration, where ransomed data are made public. Because additional versions of ransomware crop up every day, there is no guarantee that traditional signature-matching anti-virus tools will block a new malware. If threat does appear in an email, it is critical that your end users have been taught to be aware of social engineering techniques. Your ultimate defense is a sound process for scheduling and keeping remote backups and the deployment of dependable restoration platforms.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Audit in Atlanta
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Audit can enhance your defense against crypto-ransomware in Atlanta, phone Progent at 800-462-8800 or see Contact Progent.