Ransomware has been weaponized by cybercriminals and bad-actor governments, posing a potentially existential threat to businesses that are breached. Current versions of ransomware go after all vulnerable resources, including online backup, making even partial recovery a complex and costly exercise. Novel versions of crypto-ransomware such as Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Conti and Nephilim have made the headlines, displacing Locky, Cerber, and NotPetya in prominence, sophistication, and destructive impact.
90% of ransomware breaches are caused by innocuous-seeming emails with malicious links or file attachments, and many are so-called "zero-day" variants that elude the defenses of traditional signature-matching antivirus filters. While user education and frontline identification are critical to defend against ransomware attacks, leading practices demand that you assume some attacks will inevitably succeed and that you put in place a strong backup mechanism that allows you to recover quickly with minimal damage.
Progent's ProSight Ransomware Vulnerability Assessment is a low-cost service built around a remote discussion with a Progent cybersecurity consultant skilled in ransomware defense and repair. In the course of this assessment Progent will work directly with your Augusta-Richmond County network management staff to gather pertinent information about your cybersecurity posture and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report detailing how to adhere to best practices for implementing and administering your security and backup systems to prevent or clean up after a crypto-ransomware attack.
Progent's Basic Security and Best Practices Assessment highlights key issues associated with ransomware prevention and recovery. The review addresses:
- Correct use of admin accounts
- Appropriate NTFS and SMB (Server Message Block) authorizations
- Proper firewall configuration
- Safe Remote Desktop Protocol access
- Advice about AntiVirus filtering selection and deployment
- Split permission model for backup integrity
- Protecting critical servers including AD
- Geographically dispersed backups with cloud backup to Microsoft Azure
The remote interview process for the ProSight Ransomware Preparedness Report service takes about an hour for a typical small business network and requires more time for larger or more complicated IT environments. The written report features recommendations for enhancing your ability to block or clean up after a ransomware incident and Progent can provide as-needed expertise to assist your business to design and deploy an efficient security/data backup solution tailored to your specific requirements.
Ransomware is a type of malicious software that encrypts or steals a victim's files so that they become unusable or are publicized. Crypto-ransomware often locks the victim's computer. To avoid the damage, the victim is required to pay a certain ransom, typically via a cryptocurrency like Bitcoin, within a short time window. It is not guaranteed that paying the ransom will recover the lost files or avoid their exposure to the public. Files can be altered or erased throughout a network based on the target's write permissions, and you cannot reverse engineer the strong encryption algorithms used on the hostage files. A typical ransomware attack vector is booby-trapped email, to which the user is tricked into responding by means of a social engineering technique called spear phishing. This makes the email look as though it came from a trusted source. Another common vulnerability is a poorly protected Remote Desktop Protocol (RDP) port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses attributed to different versions of ransomware are said to be billions of dollars annually, roughly doubling every other year. Notorious examples include WannaCry and Petya. Current high-profile threats like Ryuk, DoppelPaymer and TeslaCrypt are more sophisticated and have wreaked more havoc than earlier strains. Even if your backup procedures permit your business to restore your ransomed data, you can still be hurt by exfiltration, where ransomed documents are made public. Because new variants of ransomware are launched daily, there is no guarantee that conventional signature-based anti-virus filters will block the latest attack. If a threat does appear in an email, it is critical that your end users have learned to identify social engineering tricks. Your ultimate defense is a sound process for scheduling and retaining offsite backups and the use of dependable recovery platforms.
Contact Progent About the ProSight Ransomware Readiness Audit in Augusta-Richmond County
For pricing information and to find out more about how Progent's ProSight Ransomware Preparedness Review can bolster your defense against ransomware in Augusta-Richmond County, call Progent at 800-462-8800 or visit Contact Progent.