Ransomware has been weaponized by the major cyber-crime organizations and malicious states, representing a potentially lethal risk to companies that fall victim. Current versions of crypto-ransomware go after all vulnerable resources, including online backup, making even partial restoration a challenging and expensive exercise. Novel variations of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing WannaCry, Cerber, and NotPetya in prominence, elaborateness, and destructiveness.
Most crypto-ransomware breaches are the result of innocuous-seeming emails that include malicious hyperlinks or attachments, and a high percentage are "zero-day" attacks that elude the defenses of legacy signature-matching antivirus (AV) tools. Although user training and frontline detection are important to protect against ransomware attacks, best practices dictate that you take for granted some malware will inevitably get through and that you implement a strong backup mechanism that enables you to recover quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Report is an ultra-affordable service built around an online interview with a Progent cybersecurity consultant experienced in ransomware protection and repair. During this interview Progent will work directly with your Atlanta network managers to collect critical information concerning your cybersecurity profile and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Assessment detailing how to apply leading practices for configuring and administering your cybersecurity and backup systems to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key issues associated with ransomware defense and restoration recovery. The report addresses:
- Correct allocation and use of administration accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol connections
- Guidance for AntiVirus (AV) tools selection and deployment
The online interview included with the ProSight Ransomware Vulnerability Assessment service takes about an hour for a typical small business and longer for bigger or more complex environments. The written report contains recommendations for improving your ability to ward off or clean up after a ransomware assault and Progent offers on-demand consulting services to assist your business to design and deploy an efficient cybersecurity/data backup solution customized for your business requirements.
- Split permission model for backup integrity
- Protecting key servers including Active Directory
- Offsite backups with cloud backup to Azure
Ransomware is a type of malicious software that encrypts or steals a victim's files so they are unusable or are publicized. Ransomware often locks the victim's computer. To avoid the damage, the target is asked to pay a certain amount of money, usually in the form of a crypto currency like Bitcoin, within a brief period of time. It is not guaranteed that delivering the extortion price will restore the damaged files or prevent its publication. Files can be altered or deleted across a network depending on the target's write permissions, and you cannot break the military-grade encryption technologies used on the compromised files. A typical ransomware delivery package is booby-trapped email, in which the user is lured into responding to by a social engineering exploit known as spear phishing. This causes the email message to look as though it came from a familiar sender. Another common attack vector is an improperly secured RDP port.
CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by different versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous attacks include WannaCry, and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and CryptoWall are more complex and have caused more havoc than older versions. Even if your backup/recovery processes permit your business to recover your encrypted data, you can still be hurt by so-called exfiltration, where stolen data are exposed to the public. Because additional variants of ransomware crop up daily, there is no guarantee that traditional signature-based anti-virus filters will detect the latest malware. If threat does appear in an email, it is critical that your users have learned to identify phishing techniques. Your last line of defense is a solid process for performing and retaining remote backups plus the deployment of dependable restoration tools.
Ask Progent About the ProSight Crypto-Ransomware Susceptibility Audit in Atlanta
For pricing information and to find out more about how Progent's ProSight Ransomware Vulnerability Consultation can enhance your protection against crypto-ransomware in Atlanta, phone Progent at 800-462-8800 or visit Contact Progent.