Ransomware has been weaponized by cyber extortionists and rogue governments, posing a possibly existential threat to businesses that are successfully attacked. The latest strains of ransomware target everything, including backup, making even selective restoration a long and expensive process. New variations of ransomware such as Ryuk, Maze, Sodinokibi, Netwalker, Phobos, LockBit and Nephilim have made the headlines, displacing WannaCry, Spora, and Petya in notoriety, elaborateness, and destructive impact.
Most crypto-ransomware breaches are caused by innocent-looking emails that have dangerous links or file attachments, and many are "zero-day" strains that elude the defenses of traditional signature-based antivirus filters. Although user training and frontline detection are critical to defend your network against ransomware, leading practices demand that you expect that some attacks will inevitably get through and that you implement a strong backup solution that permits you to repair the damage quickly with minimal losses.
Progent's ProSight Ransomware Preparedness Assessment is a low-cost service built around an online discussion with a Progent cybersecurity expert experienced in ransomware protection and repair. In the course of this interview Progent will work with your Aurora network management staff to gather pertinent information about your security setup and backup environment. Progent will utilize this information to create a Basic Security and Best Practices Report detailing how to follow best practices for implementing and administering your cybersecurity and backup systems to block or recover from a ransomware assault.
Progent's Basic Security and Best Practices Assessment focuses on vital issues related to crypto-ransomware prevention and restoration recovery. The report addresses:
- Correct use of admin accounts
- Appropriate NTFS and SMB permissions
- Optimal firewall setup
- Safe Remote Desktop Protocol (RDP) configuration
- Advice about AntiVirus filtering identification and configuration
The remote interview for the ProSight Ransomware Vulnerability Assessment service takes about one hour for the average small company and longer for bigger or more complex IT environments. The report document includes recommendations for improving your ability to block or clean up after a ransomware incident and Progent can provide as-needed consulting services to help you and your IT staff to create an efficient security/data backup system customized for your specific requirements.
- Split permission model for backup integrity
- Backing up key servers including AD
- Offsite backups with cloud backup to Azure
Ransomware is a form of malware that encrypts or deletes files so they cannot be used or are publicized. Crypto-ransomware often locks the victim's computer. To prevent the carnage, the victim is required to send a certain amount of money, typically in the form of a crypto currency like Bitcoin, within a brief time window. There is no guarantee that paying the extortion price will recover the lost files or avoid its exposure to the public. Files can be altered or erased throughout a network based on the victim's write permissions, and you cannot break the military-grade encryption technologies used on the hostage files. A common ransomware delivery package is booby-trapped email, whereby the victim is tricked into interacting with by means of a social engineering exploit called spear phishing. This makes the email to appear to come from a trusted source. Another common vulnerability is a poorly secured RDP port.
CryptoLocker opened the new age of crypto-ransomware in 2013, and the monetary losses attributed to by different strains of ransomware is estimated at billions of dollars annually, more than doubling every other year. Notorious attacks include Locky, and NotPetya. Current headline variants like Ryuk, Maze and CryptoWall are more elaborate and have caused more havoc than older versions. Even if your backup/recovery processes allow you to restore your ransomed files, you can still be threatened by so-called exfiltration, where ransomed data are exposed to the public. Because additional versions of ransomware are launched daily, there is no certainty that traditional signature-based anti-virus tools will block a new attack. If an attack does show up in an email, it is important that your end users have been taught to be aware of phishing tricks. Your ultimate protection is a sound process for scheduling and keeping remote backups and the deployment of dependable recovery platforms.
Ask Progent About the ProSight Crypto-Ransomware Preparedness Evaluation in Aurora
For pricing details and to learn more about how Progent's ProSight Crypto-Ransomware Susceptibility Review can enhance your defense against crypto-ransomware in Aurora, phone Progent at 800-462-8800 or see Contact Progent.