Ransomware has been widely adopted by cybercriminals and rogue states, representing a possibly lethal risk to companies that are victimized. Current versions of crypto-ransomware target all vulnerable resources, including backup, making even selective recovery a complex and expensive exercise. New versions of ransomware like Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have emerged, replacing WannaCry, Cerber, and Petya in notoriety, elaborateness, and destructiveness.
Most ransomware penetrations are caused by innocuous-seeming emails that include dangerous links or attachments, and a high percentage are "zero-day" variants that can escape the defenses of traditional signature-matching antivirus (AV) filters. Although user education and up-front identification are important to protect against ransomware attacks, leading practices demand that you take for granted some attacks will inevitably succeed and that you put in place a solid backup mechanism that allows you to repair the damage quickly with little if any losses.
Progent's ProSight Ransomware Vulnerability Assessment is an ultra-affordable service built around a remote interview with a Progent security consultant experienced in ransomware defense and recovery. During this interview Progent will work directly with your Aurora IT management staff to collect pertinent information about your cybersecurity setup and backup environment. Progent will utilize this information to generate a Basic Security and Best Practices Assessment documenting how to adhere to best practices for configuring and managing your security and backup solution to prevent or recover from a ransomware attack.
Progent's Basic Security and Best Practices Assessment focuses on vital issues related to crypto-ransomware prevention and restoration recovery. The report covers:
- Correct use of admin accounts
- Appropriate NTFS (New Technology File System) and SMB (Server Message Block) permissions
- Optimal firewall configuration
- Secure Remote Desktop Protocol configuration
- Advice about AntiVirus (AV) tools selection and configuration
The remote interview included with the ProSight Ransomware Vulnerability Assessment service lasts about one hour for a typical small company and longer for bigger or more complex environments. The written report features recommendations for improving your ability to block or clean up after a ransomware assault and Progent can provide as-needed consulting services to assist your business to design and deploy a cost-effective cybersecurity/data backup system tailored to your specific needs.
- Split permission model for backup integrity
- Protecting required servers including Active Directory
- Geographically dispersed backups with cloud backup to Microsoft Azure
Ransomware is a type of malware that encrypts or deletes a victim's files so they cannot be used or are publicized. Crypto-ransomware sometimes locks the victim's computer. To avoid the carnage, the target is required to pay a certain amount of money (the ransom), typically via a crypto currency like Bitcoin, within a short period of time. It is never certain that paying the extortion price will recover the damaged data or avoid its exposure to the public. Files can be altered or deleted throughout a network based on the target's write permissions, and you cannot reverse engineer the military-grade encryption algorithms used on the compromised files. A common ransomware attack vector is tainted email, in which the target is tricked into responding to by means of a social engineering exploit known as spear phishing. This causes the email to look as though it came from a trusted source. Another common attack vector is a poorly protected RDP port.
The ransomware variant CryptoLocker opened the modern era of crypto-ransomware in 2013, and the monetary losses caused by the many versions of ransomware is estimated at billions of dollars annually, more than doubling every two years. Famous examples are WannaCry, and NotPetya. Current high-profile threats like Ryuk, DoppelPaymer and Cerber are more elaborate and have caused more havoc than earlier versions. Even if your backup procedures allow your business to restore your encrypted data, you can still be hurt by so-called exfiltration, where ransomed data are made public. Because additional variants of ransomware are launched daily, there is no certainty that conventional signature-matching anti-virus filters will detect a new malware. If an attack does appear in an email, it is important that your end users have been taught to be aware of social engineering tricks. Your last line of protection is a sound scheme for performing and retaining offsite backups and the use of dependable restoration tools.
Ask Progent About the ProSight Ransomware Readiness Report in Aurora
For pricing details and to find out more about how Progent's ProSight Ransomware Susceptibility Review can enhance your protection against crypto-ransomware in Aurora, phone Progent at 800-462-8800 or see Contact Progent.