Ransomware has been widely adopted by the major cyber-crime organizations and rogue governments, posing a possibly lethal risk to companies that fall victim. Modern versions of ransomware target everything, including online backup, making even partial recovery a challenging and costly exercise. New strains of ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, Conti and Egregor have made the headlines, replacing Locky, Spora, and Petya in notoriety, elaborateness, and destructiveness.
90% of crypto-ransomware infections come from innocent-looking emails that include malicious links or attachments, and a high percentage are "zero-day" strains that elude detection by legacy signature-matching antivirus tools. While user training and up-front identification are important to defend your network against ransomware attacks, best practices demand that you assume some malware will eventually get through and that you prepare a strong backup mechanism that permits you to repair the damage rapidly with little if any damage.
Progent's ProSight Ransomware Preparedness Assessment is an ultra-affordable service built around a remote interview with a Progent cybersecurity expert experienced in ransomware protection and repair. In the course of this interview Progent will cooperate directly with your Atlanta network managers to gather pertinent information about your security configuration and backup processes. Progent will use this information to generate a Basic Security and Best Practices Assessment detailing how to follow best practices for configuring and administering your cybersecurity and backup solution to block or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on key areas associated with ransomware prevention and restoration recovery. The report addresses:
- Correct allocation and use of administration accounts
- Correct NTFS (New Technology File System) and SMB permissions
- Proper firewall settings
- Safe Remote Desktop Protocol (RDP) access
- Recommend AntiVirus (AV) filtering selection and deployment
The online interview process for the ProSight Ransomware Preparedness Assessment service takes about an hour for the average small business network and longer for larger or more complicated environments. The report document includes suggestions for improving your ability to ward off or clean up after a ransomware assault and Progent can provide as-needed consulting services to help you to create an efficient cybersecurity/backup solution tailored to your specific needs.
- Split permission architecture for backup integrity
- Backing up required servers including AD
- Offsite backups with cloud backup to Microsoft Azure
Ransomware is a form of malware that encrypts or steals files so they cannot be used or are made publicly available. Ransomware often locks the victim's computer. To prevent the carnage, the target is asked to pay a specified amount of money, typically via a crypto currency such as Bitcoin, within a brief time window. There is no guarantee that paying the extortion price will restore the lost data or prevent its exposure to the public. Files can be encrypted or deleted throughout a network based on the victim's write permissions, and you cannot solve the military-grade encryption algorithms used on the compromised files. A typical ransomware attack vector is tainted email, whereby the user is lured into responding to by means of a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar source. Another popular vulnerability is a poorly protected Remote Desktop Protocol port.
CryptoLocker ushered in the new age of ransomware in 2013, and the monetary losses caused by the many versions of ransomware is said to be billions of dollars per year, roughly doubling every other year. Notorious attacks include WannaCry, and Petya. Recent high-profile threats like Ryuk, Maze and Spora are more sophisticated and have wreaked more damage than earlier versions. Even if your backup processes permit you to recover your encrypted files, you can still be threatened by so-called exfiltration, where ransomed data are made public (known as "doxxing"). Because new versions of ransomware crop up daily, there is no guarantee that traditional signature-based anti-virus tools will detect a new malware. If an attack does show up in an email, it is important that your end users have been taught to identify social engineering tricks. Your ultimate defense is a solid process for scheduling and retaining remote backups and the use of dependable restoration tools.
Contact Progent About the ProSight Ransomware Preparedness Assessment in Atlanta
For pricing information and to find out more about how Progent's ProSight Crypto-Ransomware Preparedness Report can enhance your defense against crypto-ransomware in Atlanta, phone Progent at 800-462-8800 or see Contact Progent.