Ransomware has been widely adopted by the major cyber-crime organizations and bad-actor states, posing a possibly lethal threat to companies that are successfully attacked. The latest variations of ransomware go after all vulnerable resources, including online backup, making even partial recovery a long and expensive exercise. New versions of crypto-ransomware like Ryuk, Maze, Sodinokibi, Netwalker, DopplePaymer, Lockbit and Nephilim have emerged, displacing Locky, TeslaCrypt, and NotPetya in prominence, sophistication, and destructive impact.
90% of crypto-ransomware infections are the result of innocent-looking emails with malicious hyperlinks or attachments, and many are "zero-day" attacks that elude detection by traditional signature-based antivirus filters. While user education and frontline detection are important to protect your network against ransomware, leading practices demand that you take for granted some attacks will eventually get through and that you deploy a strong backup solution that enables you to restore files and services quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Report is an ultra-affordable service built around an online discussion with a Progent cybersecurity consultant experienced in ransomware defense and repair. During this assessment Progent will cooperate directly with your Augusta-Richmond County network managers to gather pertinent information concerning your security configuration and backup processes. Progent will use this data to generate a Basic Security and Best Practices Report documenting how to apply best practices for configuring and managing your cybersecurity and backup solution to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report highlights key issues related to ransomware prevention and restoration recovery. The review addresses:
- Proper use of admin accounts
- Correct NTFS and SMB permissions
- Proper firewall configuration
- Secure Remote Desktop Protocol (RDP) connections
- Advice about AntiVirus (AV) tools identification and configuration
The remote interview included with the ProSight Ransomware Preparedness Assessment service takes about an hour for the average small business network and longer for larger or more complicated environments. The written report features suggestions for improving your ability to ward off or clean up after a ransomware incident and Progent offers on-demand expertise to help your business to create an efficient cybersecurity/data backup system customized for your specific needs.
- Split permission model for backup protection
- Backing up key servers including AD
- Offsite backups including cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or deletes a victim's files so they cannot be used or are publicized. Ransomware often locks the target's computer. To avoid the carnage, the victim is required to pay a certain amount of money, typically via a crypto currency such as Bitcoin, within a short time window. There is no guarantee that delivering the ransom will restore the damaged files or prevent its publication. Files can be altered or erased throughout a network depending on the target's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the hostage files. A typical ransomware delivery package is booby-trapped email, whereby the target is lured into responding to by means of a social engineering exploit called spear phishing. This makes the email to look as though it came from a familiar sender. Another common attack vector is a poorly protected Remote Desktop Protocol port.
CryptoLocker opened the new age of ransomware in 2013, and the monetary losses caused by different strains of ransomware is estimated at billions of dollars annually, more than doubling every other year. Famous examples include WannaCry, and Petya. Current high-profile variants like Ryuk, Maze and Cerber are more elaborate and have wreaked more havoc than earlier strains. Even if your backup procedures enable you to recover your ransomed data, you can still be hurt by so-called exfiltration, where ransomed data are exposed to the public. Because additional variants of ransomware crop up daily, there is no guarantee that conventional signature-based anti-virus tools will detect the latest malware. If an attack does show up in an email, it is critical that your users have been taught to identify social engineering tricks. Your ultimate defense is a sound process for scheduling and keeping offsite backups and the deployment of reliable recovery platforms.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Consultation in Augusta-Richmond County
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Preparedness Testing can bolster your defense against ransomware in Augusta-Richmond County, phone Progent at 800-462-8800 or visit Contact Progent.