Ransomware has been weaponized by cyber extortionists and malicious states, representing a possibly existential risk to businesses that are victimized. Current versions of crypto-ransomware target all vulnerable resources, including online backup, making even partial restoration a complex and costly process. Novel strains of crypto-ransomware like Ryuk, Maze, Sodinokibi, Mailto (aka Netwalker), DoppelPaymer, Conti and Nephilim have emerged, displacing Locky, TeslaCrypt, and Petya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware penetrations are the result of innocent-seeming emails that include malicious hyperlinks or file attachments, and many are so-called "zero-day" variants that can escape detection by traditional signature-matching antivirus (AV) tools. Although user training and frontline detection are important to protect your network against ransomware, best practices dictate that you expect some malware to get through eventually and that you prepare a solid backup solution that permits you to repair the damage rapidly with little if any loss.
Progent's ProSight Ransomware Preparedness Checkup is an ultra-affordable service centered around a remote discussion with a Progent cybersecurity consultant experienced in ransomware protection and recovery. During this interview Progent will work directly with your Augusta-Richmond County network management staff to collect critical information concerning your cybersecurity configuration and backup environment. Progent will utilize this data to generate a Basic Security and Best Practices Report detailing how to follow best practices for implementing and administering your cybersecurity and backup systems to prevent or clean up after a ransomware assault.
Progent's Basic Security and Best Practices Report focuses on key areas associated with crypto-ransomware prevention and restoration. The report covers:
- Correct use of admin accounts
- Assigning NTFS and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure RDP access
- Guidance for identifying and deploying antivirus (AV) tools
- Split permission model for backup protection
- Protecting critical servers including AD
- Offsite backups including cloud backup to Microsoft Azure
The online interview for the ProSight Ransomware Preparedness Report service lasts about one hour for the average small business network and requires more time for larger or more complicated environments. The written report contains recommendations for enhancing your ability to block or recover from a ransomware attack and Progent offers as-needed expertise to help you and your IT staff to design and deploy an efficient cybersecurity/data backup system tailored to your business needs.
Ransomware is a type of malicious software that encrypts or deletes files so that they are unusable, or threatens to publicize them. Ransomware sometimes locks the target's computer. To prevent the damage, the target is required to send a specified amount of money (the ransom), typically via a cryptocurrency such as Bitcoin, within a short time window. It is never certain that paying the ransom will recover the lost files or prevent their exposure to the public. Files can be encrypted or erased across a network based on the victim's write permissions, and you cannot break the military-grade encryption used on the hostage files. A common ransomware attack vector is booby-trapped email, to which the user is tricked into responding by a social engineering technique known as spear phishing. This causes the email message to appear to come from a familiar sender. Another common attack vector is an improperly secured Remote Desktop Protocol (RDP) port.
CryptoLocker ushered in the new age of crypto-ransomware in 2013, and the damage attributed to the many strains of ransomware is said to be billions of dollars annually, roughly doubling every two years. Notorious examples are Locky and Petya. Current headline threats like Ryuk, Maze and TeslaCrypt are more complex and have wreaked more havoc than older strains. Even if your backup/recovery procedures permit you to restore your encrypted data, you can still be hurt by so-called exfiltration, where ransomed data are made public (known as "doxxing"). Because new versions of ransomware are launched every day, there is no guarantee that conventional signature-based antivirus tools will block the latest malware. If a threat does appear in an email, it is critical that your users have been taught to be aware of phishing tricks. Your last line of defense is a solid process for scheduling and retaining offsite backups plus the deployment of dependable restoration tools.
Ask Progent About the ProSight Ransomware Preparedness Checkup in Augusta-Richmond County
For pricing information and to learn more about how Progent's ProSight Ransomware Readiness Checkup can bolster your defense against ransomware in Augusta-Richmond County, phone Progent at 800-462-8800 or see Contact Progent.