Ransomware has been weaponized by the major cyber-crime organizations and bad-actor states, representing a potentially existential risk to businesses that are breached. Modern strains of crypto-ransomware target everything, including backup, making even partial restoration a long and expensive process. Novel variations of ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DopplePaymer, LockBit and Egregor have emerged, replacing WannaCry, Cerber, and Petya in notoriety, sophistication, and destructiveness.
90% of crypto-ransomware infections are the result of innocuous-looking emails with dangerous hyperlinks or file attachments, and many are so-called "zero-day" variants that can escape detection by legacy signature-based antivirus (AV) tools. While user training and up-front detection are important to defend your network against ransomware, best practices dictate that you expect that some attacks will eventually get through and that you put in place a solid backup mechanism that permits you to restore files and services quickly with minimal damage.
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around an online discussion with a Progent cybersecurity consultant skilled in ransomware defense and recovery. During this assessment Progent will work directly with your Augusta-Richmond County IT management staff to gather critical information concerning your cybersecurity profile and backup processes. Progent will use this information to produce a Basic Security and Best Practices Assessment documenting how to adhere to leading practices for implementing and managing your security and backup solution to block or clean up after a crypto-ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas associated with crypto-ransomware defense and restoration recovery. The review addresses:
- Effective use of administration accounts
- Assigning NTFS (New Technology File System) and SMB authorizations
- Proper firewall setup
- Secure RDP connections
- Advice about AntiVirus tools identification and configuration
The online interview included with the ProSight Ransomware Preparedness Checkup service takes about an hour for a typical small business network and longer for larger or more complex environments. The report document features recommendations for improving your ability to block or clean up after a ransomware attack and Progent offers on-demand consulting services to help you to create a cost-effective security/data backup system tailored to your business needs.
- Split permission architecture for backup protection
- Protecting critical servers including Active Directory
- Geographically dispersed backups with cloud backup to Azure
Ransomware is a variety of malware that encrypts or deletes a victim's files so they are unusable or are made publicly available. Ransomware sometimes locks the victim's computer. To prevent the carnage, the target is required to send a certain ransom, typically in the form of a crypto currency such as Bitcoin, within a short period of time. It is not guaranteed that delivering the ransom will restore the damaged data or prevent its publication. Files can be encrypted or deleted across a network based on the target's write permissions, and you cannot solve the military-grade encryption algorithms used on the hostage files. A common ransomware delivery package is spoofed email, whereby the victim is tricked into interacting with by a social engineering technique called spear phishing. This makes the email message to look as though it came from a familiar sender. Another popular attack vector is a poorly protected Remote Desktop Protocol (RDP) port.
CryptoLocker opened the modern era of ransomware in 2013, and the monetary losses caused by the many versions of ransomware is said to be billions of dollars annually, roughly doubling every other year. Notorious examples are Locky, and NotPetya. Current headline threats like Ryuk, DoppelPaymer and TeslaCrypt are more elaborate and have caused more havoc than older versions. Even if your backup procedures allow your business to recover your ransomed data, you can still be threatened by so-called exfiltration, where ransomed data are exposed to the public. Because additional variants of ransomware are launched every day, there is no guarantee that traditional signature-matching anti-virus filters will detect the latest attack. If an attack does show up in an email, it is critical that your end users have been taught to identify social engineering techniques. Your ultimate defense is a solid scheme for scheduling and keeping offsite backups plus the use of dependable recovery tools.
Contact Progent About the ProSight Crypto-Ransomware Vulnerability Testing in Augusta-Richmond County
For pricing details and to find out more about how Progent's ProSight Ransomware Vulnerability Consultation can bolster your protection against crypto-ransomware in Augusta-Richmond County, phone Progent at 800-462-8800 or visit Contact Progent.